fedora-atomic discussion point: /usr/lib/passwd

Lennart Poettering mzerqung at 0pointer.de
Fri Apr 11 16:49:18 UTC 2014


On Fri, 11.04.14 16:09, Colin Walters (walters at verbum.org) wrote:

> On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff
> <martin.langhoff at gmail.com> wrote:
> >
> >If you move in this direction, you have to create files/dirs to be
> >owned by the daemon user too.

Hmm, let's think for a moment what kind of files this actually matters
for. In which directories do system users actually own files? 

That'd be suid/sgid binaries in /usr/bin. That'd be working directories
in /run and /var. Anything else?

The latter don't sound too bad, since we can allocate them during late
boot. The former is the messy bit.

Maybe the cheap way out is to disallow suid/sgid binaries in /usr/bin
for dynamically assigned UIDs/GIDs. In this day and age, are there still
good use cases for that? 

Lennart

-- 
Lennart Poettering, Red Hat
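The question raised above, which setuid/setgid files in a tree are owned by system (non-root) accounts and would therefore break if those accounts were assigned dynamically, can be answered with a small audit. The following is an added example written for this page; it is not code from the thread, from systemd or from fedora-atomic. The system-account ID range of 1-999 is an assumption (on a real host read SYS_UID_MIN/SYS_UID_MAX from /etc/login.defs), and the walk treats a setuid bit as relevant when the owner uid is in range and a setgid bit as relevant when the group gid is in range.

```python
"""Audit a directory tree for setuid/setgid files owned by system accounts.

Added example for the /usr/lib/passwd discussion; not from the thread.
"""
import os
import stat

# Assumed system-account range; many distributions use 1..999 for
# service users, but check /etc/login.defs on the host being audited.
SYSTEM_ID_RANGE = (1, 999)


def find_setid_files(root, id_range=SYSTEM_ID_RANGE):
    """Return [(relpath, mode, uid, gid)] for regular files under `root`
    whose setuid bit is set with an owner uid in `id_range`, or whose
    setgid bit is set with a group gid in `id_range`.

    Files owned by root (uid 0) are ignored by default because root's
    identity never depends on account allocation; the hits are exactly the
    binaries that a dynamically assigned UID/GID scheme would have to
    re-own at boot."""
    lo, hi = id_range
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # vanished or unreadable entry; skip it
            if not stat.S_ISREG(st.st_mode):
                continue  # only regular files can carry a meaningful setid bit
            setuid_hit = bool(st.st_mode & stat.S_ISUID) and lo <= st.st_uid <= hi
            setgid_hit = bool(st.st_mode & stat.S_ISGID) and lo <= st.st_gid <= hi
            if setuid_hit or setgid_hit:
                hits.append((os.path.relpath(path, root),
                             oct(stat.S_IMODE(st.st_mode)),
                             st.st_uid, st.st_gid))
    return sorted(hits)


if __name__ == "__main__":
    # Typical invocation: audit /usr/bin for setid files held by system users.
    for rel, mode, uid, gid in find_setid_files("/usr/bin"):
        print(f"{mode} uid={uid} gid={gid} {rel}")
```

Run against /usr/bin (or the whole of /usr) the output lists what a late-boot re-owning step would have to touch; an empty list means the "disallow suid/sgid for dynamic IDs" option costs nothing on that image.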
