BIND 10 #2171: directory permissions on make install
BIND 10 Development
do-not-reply at isc.org
Wed Aug 8 04:42:36 UTC 2012
#2171: directory permissions on make install
-------------------------------------+-------------------------------------
Reporter: jelte                      | Owner: vorner
Type: defect                         | Status: reviewing
Priority: medium                     | Milestone: Sprint-20120821
Component: Unclassified              | Resolution:
Keywords:                            | Sensitive: 0
Defect Severity: N/A                 | Sub-Project: DNS
Feature Depending on Ticket:         | Estimated Difficulty: 0
Add Hours to Ticket: 0               | Total Hours: 0
Internal?: 0                         |
-------------------------------------+-------------------------------------
Changes (by muks):
* owner: muks => vorner
Comment:
Hi vorner
Replying to [comment:6 vorner]:
> But just to make sure, what is the reason for writable for a group?
> Shouldn't it be only for the user bind10 runs as?
User is fine if BIND 10 components are the only processes that create
items in that directory. There could be other programs such as 3rd-party
frontends and even other users who the admin has configured to write in
that directory. Processes running as these users may create or modify
(create+rename) files. Setting g+s means that these files are still
accessible to BIND 10 as well as other such users in the group, as files
and sub-directories created under the local state directory will have the
group set to the parent directory's group.
[Also in one particular case (lockfiles), these may get created as user
root, and processes that run later need write access to these files.]
--
Ticket URL: <http://bind10.isc.org/ticket/2171#comment:7>
BIND 10 Development <http://bind10.isc.org>
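
The group inheritance described in the comment above can be checked on a scratch directory. The script below is an added example, not part of the ticket or of BIND 10's code; the function names and the mktemp scratch directories are assumptions, and it relies on GNU stat. It also shows that g+s only fixes group ownership: whether a new file ends up group-writable still depends on the creating process's umask.

```shell
#!/bin/sh
# Added illustration. Directories are mktemp scratch paths (constructed), not
# BIND 10's real local state directory. Requires GNU stat (Linux).

# Return 0 if directory $1 has both the setgid bit and group write permission.
audit_state_dir() {
    m=$(stat -c '%a' "$1") || return 2
    bits=$((0$m))                       # stat prints octal, e.g. 2770
    [ $((bits & 02000)) -ne 0 ] || { echo "$1: setgid bit not set" >&2; return 1; }
    [ $((bits & 00020)) -ne 0 ] || { echo "$1: not group-writable" >&2; return 1; }
}

# Act as a second writer in directory $1 with umask $2: create a lockfile and a
# sub-directory, then print "<group-inherited> <subdir-setgid> <file-mode>".
# If the writer's own group already equals the directory's group, the first
# field is "yes" either way; the propagated setgid bit is what differs.
probe_writer() {
    dir=$1
    ( umask "$2" && : > "$dir/probe.lock" && mkdir "$dir/probe.d" ) || return 2
    want=$(stat -c '%g' "$dir")
    inherited=no; subdir=no
    [ "$(stat -c '%g' "$dir/probe.lock")" = "$want" ] &&
        [ "$(stat -c '%g' "$dir/probe.d")" = "$want" ] && inherited=yes
    [ $(( 0$(stat -c '%a' "$dir/probe.d") & 02000 )) -ne 0 ] && subdir=yes
    echo "$inherited $subdir $(stat -c '%a' "$dir/probe.lock")"
    rm -rf "$dir/probe.lock" "$dir/probe.d"
}

# Build a scratch directory with mode $1, audit it, probe it with umask $2.
run_case() {
    d=$(mktemp -d) || return 2
    chmod "$1" "$d"
    if audit_state_dir "$d" 2>/dev/null; then verdict=ok; else verdict=weak; fi
    echo "$verdict $(probe_writer "$d" "$2")"
    rm -rf "$d"
}

run_case 2770 022   # setgid dir, writer with a restrictive umask
run_case 2770 002   # setgid dir, writer with a group-friendly umask
run_case 0755 002   # plain dir: no setgid, no group write
```

On a real installation, pass the local state directory to `audit_state_dir`; a writer whose files come out as 644 needs its umask changed, since g+s does not grant group write.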