[pacman-dev] [PATCH] pacman-db-upgrade: set umask 022
This prevents the database from becoming inaccessible for non-root
users when the script was executed with a umask of 027.
Signed-off-by: Peter Wu
On 20/12/14 20:58, Peter Wu wrote:
It would probably be a good idea to set umask 022 for /var/cache/pacman/archives/ as well
What is that directory?
On Saturday 20 December 2014 21:00:57 Allan McRae wrote:
On 20/12/14 20:58, Peter Wu wrote:
It would probably be a good idea to set umask 022 for /var/cache/pacman/archives/ as well
What is that directory?
Typo: s/archives/pkg/ -- Kind regards, Peter https://lekensteyn.nl
On 20/12/14 20:58, Peter Wu wrote:
This prevents the database from becoming inaccessible for non-root users when the script was executed with a umask of 027.
Signed-off-by: Peter Wu
---
Applied.
Hi,
It would probably be a good idea to set umask 022 for /var/cache/pacman/archives/ as well, but that is not as severe as this issue.
If there are people who actually use 'umask 027' to make their packages unreadable, what about a global Umask setting in pacman.conf (defaulting to 022?).
I am happy with that staying how it is. A non-root user does not particularly need access to these files. Allan
On Tuesday 23 December 2014 11:18:51 Allan McRae wrote:
It would probably be a good idea to set umask 022 for /var/cache/pacman/archives/ as well, but that is not as severe as this issue.
If there are people who actually use 'umask 027' to make their packages unreadable, what about a global Umask setting in pacman.conf (defaulting to 022?).
I am happy with that staying how it is. A non-root user does not particularly need access to these files.
Allan
(S)he does not? What about copying the package to a different (virtual) machine? Or extracting a config file and look for differences? The status quo is that the permissions of cache dir items depend on the umask of the executing process which is 022 on a default installation. When I have a need to read the tarball contents, I first have to run: sudo chmod -R o+r /var/cache/pacman/pkg/ With this in mind, would you still be opposed to changing the default umask, or introducing a umask setting in pacman.conf? -- Kind regards, Peter https://lekensteyn.nl
participants (2)
-
Allan McRae
-
Peter Wu