[Nix-dev] /run/lock permissions
Lluís Batlle i Rossell
viric at viric.name
Sat Aug 25 11:19:48 CEST 2012
On Sat, Aug 25, 2012 at 11:01:49AM +0200, Mathijs Kwik wrote:
> Hi all,
>
> Currently, /run/lock (which is linked from /var/lock) has permission
> 700 root:root.
> I'm packaging logcheck, which uses Debian's liblockfile and
> lockfile-progs, which use the /var/lock directory.
> logcheck runs as its own user, so it currently cannot touch stuff in /var/lock.
>
> What I propose:
> A new group "lock".
> /run/lock owned by root:lock, permission 1770 (sticky bit).
>
> Programs that need locking can then join that group.
>
> As this is somewhat security-related, I'm asking first if anyone has
> any objections.
It looks fine to me.
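
An added example, not part of the thread: a small audit of a lock directory against the proposed layout (root:lock, mode 1770), showing what each deviation costs. The function names and the gid 990 used for the "lock" group are assumptions made for illustration.

```python
import os
import stat

LOCK_GID = 990  # hypothetical gid for the proposed "lock" group


def audit_lock_mode(mode, uid, gid, lock_gid=LOCK_GID, owner_uid=0):
    """Compare stat fields with the proposed root:lock 1770 layout.

    Returns a list of findings; an empty list means the directory matches.
    """
    if not stat.S_ISDIR(mode):
        return ["not a directory"]
    findings = []
    perms = stat.S_IMODE(mode)
    if uid != owner_uid:
        findings.append(f"owner uid is {uid}, expected {owner_uid}")
    if gid != lock_gid:
        findings.append(f"group gid is {gid}, expected {lock_gid}")
    if perms & stat.S_IRWXG != stat.S_IRWXG:
        # The situation in the thread: a service user cannot create locks.
        findings.append("group lacks rwx: group members cannot create lock files")
    if perms & stat.S_IRWXO:
        findings.append("others have access: locking is not limited to the group")
    if perms & (stat.S_IWGRP | stat.S_IWOTH) and not perms & stat.S_ISVTX:
        # Without the sticky bit, anyone with write access to the directory
        # can unlink or rename lock files owned by other users.
        findings.append("no sticky bit: writers can delete each other's lock files")
    return findings


def audit_lock_dir(path, lock_gid=LOCK_GID, owner_uid=0):
    """Audit a real directory, e.g. /run/lock, using os.stat()."""
    st = os.stat(path)
    return audit_lock_mode(st.st_mode, st.st_uid, st.st_gid, lock_gid, owner_uid)


if __name__ == "__main__":
    # Constructed cases: (label, permission bits, uid, gid)
    cases = [
        ("current  700 root:root", 0o700, 0, 0),
        ("proposed 1770 root:lock", 0o1770, 0, LOCK_GID),
        ("no sticky 770 root:lock", 0o770, 0, LOCK_GID),
        ("tmp-style 1777 root:lock", 0o1777, 0, LOCK_GID),
    ]
    for label, perms, uid, gid in cases:
        result = audit_lock_mode(stat.S_IFDIR | perms, uid, gid)
        print(f"{label}: {result or 'OK'}")
```
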