Re: weekly locate error Was: September 2024 stabilization week

From: Rodney W. Grimes <freebsd-rwg_at_gndrsh.dnsmgr.net>
Date: Tue, 01 Oct 2024 16:29:26 UTC
> On 9/30/24 19:36, Jamie Landeg-Jones wrote:
> > Kyle Evans <kevans@FreeBSD.org> wrote:
> > 
> >> It might be that the better long-term approach is to teach updatedb.sh
> >> how to drop privileges and push that out of the periodic script to avoid
> >> surprises like this from the different execution environments.  This
> >> /feels/ like the kind of thing we could take an opinionated stance on,
> >> maybe providing an escape hatch of some sort if someone really wants to
> >> complain that they can't document all filenames on the system.
> > 
> > This is how it already works. It calls locate.updatedb as "nobody", so
> > only files readable by "nobody" are indexed:
> > 
> >      echo /usr/libexec/locate.updatedb | nice -n 5 su -fm nobody || rc=3
> 
> Yes, my proposal is that it stops doing that and we teach updatedb to 
> handle the priv-dropping instead, so that you get the same behavior no 
> matter how you execute it.

If you do this please make it possible to run it WITHOUT dropping
privilege, some of us actually run locate.updatedb with full access
to file systems to produce more complete locate databases where
this information is not considered private.

> Thanks,
> Kyle Evans
-- 
Rod Grimes                                                 rgrimes@freebsd.org