On 12.3.2014 11:41, Carsten Haitzler wrote:
> newly created user will copy/start with that config (and if
> needed/desired write a copy of that to $HOME/somewhere). if there are
> user resources outside the users homedir (other than temporary things
> like /tmp or /var/run that can get nuked at a reboot etc.)... it's just

As one example, the default storage extension of gsignond creates a credential database for each user under /var/db in a directory that is not accessible for the user uid (and MUST NOT BE). Only gsignond itself can directly access the database, nobody else (besides root) in the system. Everything else goes through the per-request access-controlled IPC API. /var/db/gsignond is 770 for root:gsignond and /var/db/gsignond/username is 0600 for username:gsignond, and gsignond itself runs as username:gsignond, for example through setgid on /usr/bin/gsignond.

These databases are automatically created the first time a user accesses gsignond, but should be cleaned up when the user is deleted.

On Tizen we can possibly store the databases under $HOME if we can make sure:
1) We can define SMACK access rules such that only gsignond can access the file
2) We can ensure that the user cannot modify SMACK ACLs under $HOME

Generally the problem with $HOME is that it's owned by the user, and thus any process running under that uid can modify access permissions of the things under $HOME.

_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
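
A read-only audit of the layout described in the message above, added here as an example (not gsignond's or the poster's code): it checks the modes and ownership the mail gives and flags per-user entries left behind for accounts that no longer exist. The function and parameter names are assumptions; `user_exists` is injectable so the check can be run against a test tree.

```python
import grp
import os
import pwd
import stat

def owner_name(uid):
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)          # uid with no passwd entry

def group_name(gid):
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)

def known_user(name):
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False

def audit(root="/var/db/gsignond", top_owner="root", group="gsignond",
          user_exists=known_user):
    """Return (path, problem) findings; an empty list means the tree matches."""
    findings = []

    def check(path, want_mode, want_owner):
        st = os.lstat(path)      # lstat: a symlink planted here is reported, not followed
        mode = stat.S_IMODE(st.st_mode)
        if mode != want_mode:
            findings.append((path, "mode %04o, expected %04o" % (mode, want_mode)))
        if owner_name(st.st_uid) != want_owner:
            findings.append((path, "owner %s, expected %s"
                             % (owner_name(st.st_uid), want_owner)))
        if group_name(st.st_gid) != group:
            findings.append((path, "group %s, expected %s"
                             % (group_name(st.st_gid), group)))

    check(root, 0o770, top_owner)             # 770 root:gsignond, per the mail
    for entry in sorted(os.listdir(root)):
        path = os.path.join(root, entry)
        if not user_exists(entry):            # database outlived its account
            findings.append((path, "orphaned: no such user"))
            continue
        check(path, 0o600, entry)             # 0600 username:gsignond, per the mail
    return findings
```

Listing the real `/var/db/gsignond` needs root or membership in the gsignond group.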
