[Pkg-sysvinit-devel] Bug#637856: /run/lock should be owned by uucp

Roger Leigh rleigh at codelibre.net
Mon Aug 15 09:15:29 UTC 2011 

On Mon, Aug 15, 2011 at 09:43:12AM +0200, Joerg Dorchain wrote:
> there are programs that stat() /var/lock to test permissions
> instead of actually trying to create lockfiles, the java rxtx
> library for example. Before making this symlink to the /run/lock
> tmpfs, ownership was preserved on harddisk.

I think the check is broken.  They should just create the lockfile
and deal with failure as and when it occurs.  This use of stat(2)
is always broken on a multiuser system in any case, because there's
always a window between doing the check and creating the file
during which the ownership/permissions could change.

Regarding the ownership change (I assume here you changed it from
root:root to root:uucp?), this has never been supported.  And in
any case, /run/lock and /var/lock are writable by anyone at
present--the ownership should not matter:

% ls -ld /run/lock
drwxrwxrwt 3 root root 100 Aug 15 08:37 /run/lock

% ls -ld /var/lock
lrwxrwxrwx 1 root root 9 May 13 17:14 /var/lock -> /run/lock

> A simple chgrp uucp /run/lock || true after creation/mounting of
> /run/lock solves this and does not hurt programmes just trying to
> write the lockfile.

Why uucp?  As shown above, the user and group owning the directory
should not matter--it's globally writable and has the sticky-bit set.

> A more general apporach is also welcome.

We have been discussing moving to having a "lock" group as used by
other distributions, but this hasn't happened yet.  /run/lock
would then be run:lock 02775 I think.  Programs creating lockfiles
would then need to be running/started as root or setgid lock.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-sysvinit-devel/attachments/20110815/c3f3bcb3/attachment.pgp>

More information about the Pkg-sysvinit-devel mailing list