New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
750 log directory permissions #98
Comments
@carlwgeorge noted the same while working on #94, I was initially to make the changes in there but don't want to hold for those changes, here the PR #99, although, I'm doing the changes to |
recap can record things that wouldn't otherwise be visible to a non-superuser, e.g. the process associated with a connection in netstat output or the MySQL process list. For this reason the logs probably shouldn't be visible to non-root. |
@piersc that's a good point, in any case we can drop those from |
Yes, it's enforced in the
|
I changed back the perms(b9150b6) on I'd think this should still complain on the perms(?). But I guess that can be "fixed" with: btw, I ran rpmlint with the current code and the suggestion above and all I got is a warning: $ rpmlint util/packaging/rpm/recap.spec
util/packaging/rpm/recap.spec: W: no-%build-section
0 packages and 1 specfiles checked; 0 errors, 1 warnings.
Using:
$ rpmlint --version
rpmlint version 1.9 Copyright (C) 1999-2007 Frederic Lepied, Mandriva |
rpmlint complains on the RPM itself ( |
Yeah, I agree with @piersc we need to retain Out of curiosity, I tried $ rpmlint mariadb101u-server-utils-10.1.24-1.ius.centos7.x86_64.rpm 2>&1 |
grep -c dir-perm
0 With that being said, does anybody have any other comment about the changes? if not, I will merge #99 |
That dir is owned by -server, not -server-utils.
Regardless, it isn't a blocker. The perms can stay they way they are. What is the point of merging #99? |
Ah, that's why, thanks!
The only effective changes in there are the perms in directories inside |
Whoops, I didnt' scroll to the end to see the changes in src/recap, for some reason I thought it was only changes to the Makefile. I also noticed that it changes the script permissions from 755 to 750. I don't think this is necessary, since the script already checks if it is running as root. Changing |
I'm OK with the change on 755 to the directories inside |
Closing #99 has been merged. |
I'm working on packaging recap for Fedora/EPEL. Rpmlint complains about the 750 permissions on the log directories.
These were set this way in 2012. Are these permissions actually necessary? Is any recap output actually sensitive?
References:
The text was updated successfully, but these errors were encountered: