Hi all,
This is more or less one for Roman & Co. Is there a compelling reason why the directories under /usr/src/packages should be world writable and readable?
Yes, yes. :-) This enables non-root users to install source rpms. IMO a good idea, but feel free to close these directories if you wish. I've added these directories to the list of additional items for /etc/permissions.easy + /etc/permissions.secure.
theo:/home/theo $ sudo rpm -ql --dump rpm-3.0.4-0 [..] /usr/src/packages/BUILD 35 953918273 041777 root root 0 0 8772 X /usr/src/packages/RPMS 77 953918273 041777 root root 0 0 597 X /usr/src/packages/RPMS/i386 35 953918273 041777 root root 0 0 0 X /usr/src/packages/RPMS/noarch 35 953918273 041777 root root 0 0 18526 X /usr/src/packages/SOURCES 35 953918273 041777 root root 0 0 18707 X /usr/src/packages/SPECS 35 953918273 041777 root root 0 0 18508 X /usr/src/packages/SRPMS 35 953918273 041777 root root 0 0 18504 X
What stops a local from messing with sources, (re)builds, specs etc?
Nothing. srpms + spec files are only needed when a package is supposed to be built.
Theo
Thanks,
Roman.
--
- -
| Roman Drahtmüller