[EMAIL PROTECTED] wrote:
* Lots of system daemons do chdir("/") as part of their startup. If
they use libraries that try and read config files from the users home
dir then they can end up reading the ones for the root user, that might
not be desirable.
Please name one example; I think you're just making this up. Are you
suggesting that libraries exist which read config files from the current
directory?
Badly phrased rather than making it up. This actually has nothing to do
with the current working directory (so the chdir("/" is bogus - sorry I
was doing too many things at once).
Things running as daemon often do a chdir("/"), but the important bit is
the home directory of daemon is ? "/" the same as root.
~/.ssh for root and daemon resolve to the same place.
~/.sunw/pkcs11_softtoken/ - which is an encrypted keystore resolve to
the same place.
Now proper default permissions ensure there isn't a security problem
here but it means that root and daemon can't have separate
configurations for these things. For the pkcs11_softtoken case it
actually means that for the daemon user by default their can't be a
persistent keystore because root already staked out that namespace.
* because the root user can have personal config files and the existence
of those files should not be available to unprivileged users, or for
tidyness.
* consistency with other systems
* because we can and there is no downside to doing so
I'm sure there's stuff which breaks because ~root no longer expands to
/
Yes there probably is but that code would be broken on other systems
that do this as well!
BTW the PSARC case for this is already approved, it just hasn't been
implemented for this exact reason. There are Solaris test suites that
are known to break because of assumptions like this.
--
Darren J Moffat
_______________________________________________
opensolaris-discuss mailing list
[email protected]
