From nobody Tue Oct 01 16:29:26 2024 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XJ3Ld48zsz5Y41k for ; Tue, 01 Oct 2024 16:29:45 +0000 (UTC) (envelope-from freebsd-rwg@gndrsh.dnsmgr.net) Received: from gndrsh.dnsmgr.net (pdx.rh.CN85.dnsmgr.net [65.75.216.6]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4XJ3Ld11r3z4Kv2; Tue, 1 Oct 2024 16:29:45 +0000 (UTC) (envelope-from freebsd-rwg@gndrsh.dnsmgr.net) Authentication-Results: mx1.freebsd.org; none Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1]) by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id 491GTQMC000805; Tue, 1 Oct 2024 09:29:26 -0700 (PDT) (envelope-from freebsd-rwg@gndrsh.dnsmgr.net) Received: (from freebsd-rwg@localhost) by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id 491GTQMf000804; Tue, 1 Oct 2024 09:29:26 -0700 (PDT) (envelope-from freebsd-rwg) From: "Rodney W. Grimes" Message-Id: <202410011629.491GTQMf000804@gndrsh.dnsmgr.net> Subject: Re: weekly locate error Was: September 2024 stabilization week In-Reply-To: <21c4125f-0ac0-46f4-9f5c-9f14a3e7e397@FreeBSD.org> To: Kyle Evans Date: Tue, 1 Oct 2024 09:29:26 -0700 (PDT) CC: Jamie Landeg-Jones , freebsd-current@FreeBSD.org X-Mailer: ELM [version 2.4ME+ PL121h (25)] List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:10494, ipnet:65.75.216.0/23, country:US] X-Rspamd-Queue-Id: 4XJ3Ld11r3z4Kv2 X-Spamd-Bar: ---- > On 9/30/24 19:36, Jamie Landeg-Jones wrote: > > Kyle Evans wrote: > > > >> It might be that the better long-term approach is to teach updatedb.sh > >> how to drop privileges and push that out of the periodic script to avoid > >> surprises like this from the different execution environments. This > >> /feels/ like the kind of thing we could take an opinionated stance on, > >> maybe providing an escape hatch of some sort if someone really wants to > >> complain that they can't document all filenames on the system. > > > > This is how it already works. It calls locate.updatedb as "nobody", so > > only files readable by "nobody" are indexed: > > > > echo /usr/libexec/locate.updatedb | nice -n 5 su -fm nobody || rc=3 > > Yes, my proposal is that it stops doing that and we teach updatedb to > handle the priv-dropping instead, so that you get the same behavior no > matter how you execute it. If you do this please make it possible to run it WITHOUT dropping privledge, some of actually run locate.updatedb with full access to file systems to produce more complete locate databases where this information is not considered private. > Thanks, > Kyle Evans -- Rod Grimes rgrimes@freebsd.org