A check that would be desirable for expireover, etc.
Jeffrey M. Vinocur
jeff at litech.org
Sun Mar 31 02:27:00 UTC 2002
On Fri, 29 Mar 2002, Joe St Sauver wrote:
> I recently accidentally ran expireover as root while debugging
> some other issues, with the result that root soon owned
> all the tradoverviews files, INN throttled, etc. Recovery is
> obviously no big deal thanks to chown -R, but still...
Actually, that's not always true -- it's a common newbie mistake to do
something like the initial makedbz as root, realize the mistake, and chown
the entire tree to news, including the binaries which need to be SUID.
So this is a potentially good idea.
I'm not sure how best to do it, though. We have a ton of tools in a whole
variety of languages, which implies that a wrapper might be useful
(especially since it would easily allowed experienced people to skip the
wrapper if appropriate). But `su` makes a fine wrapper, and people tend
not to have the discipline to use it when appropriate. So probably the
only thing that would work reliably is to have an entire shadow version of
bin/ with everything calling the wrapper.
And that's kinda ugly.
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the inn-workers
mailing list