spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Proulx <...@proulx.com>
Subject Re: cronjob warning perl_version (SOLVED)
Date Mon, 01 Dec 2014 18:55:08 GMT
Ted Mittelstaedt wrote:
> Locate will not show files that a user has set private (or root
> has set private like /usr/local/certs/machineprivatekey.key

There are at least three versions of locate all with different
behavior with regards to file permissions.  The GNU findutils locate
version simply runs as a non-priviledged user and can't see anything
that isn't available to any user.

slocate and mlocate run as root and have visibility into every file
but additionally mark the permission in the database.  The database is
unreadable for normal users and the only access is through the suid
binary.  The results returned are with respect to the user's current
file access permissions.

mlocate additionally stores directory timestamps to avoid the need to
read directories that have not changed since the last run.

Although mlocate is the most sophisticated of the set I don't use it
personally and I prefer the original locate that simply indexes using
find running as 'nobody' and only lists files that anyone can see.  In
any case the behavior depends upon the particular variant of locate
installed on your system.  If it is slocate or mlocate then running
"locate" as root will locate every matching file.

> It would have likely worked for this - but it's too difficult for
> me to attempt to prove a negative (prove a file does not exist) when I'm
> using a tool that is written to not show everything.

Unfortunately security is the one feature of the system that by design
makes it harder to use.

Bob

Mime
View raw message