On 6/22/07, Gary Mills <[EMAIL PROTECTED]> wrote:
> On Fri, Jun 22, 2007 at 12:34:23PM -0700, ottomeister wrote:
> > On 6/21/07, Asad Memon <[EMAIL PROTECTED]> wrote:
> > My guess is that someone removed the SRSS directories
> > below /tmp/SUNWut, and/or possibly below /var/opt/SUNWut.
>
> It would be really nice if SRSS would create those files someplace
> other than in /tmp. /var/run would be better, for example.

This is CR 4525266. It was opened as a low priority request
(basically a "nice to have", not a "need to have") so there's
always been something more pressing to work on. As usual,
if customers tell Sun that this issue is important then there's
more chance that someone will get assigned to work on it.

Personally I'm not keen on /var/run as the new location.
I think of that more as a scratch area for system (root- or
daemon-owned) stuff. I'd prefer to mount a separate
tmpfs at some new location, maybe someplace below
/var/opt.

> We normally mount /tmp with the nosuid option as a security precaution;
> this prevents the Sun Ray audio devices from working.

Solaris now differentiates between setid-executable and
device-node access, so if you're really only worried about
setid executables appearing in /tmp you could use
'nosetuid' rather than 'nosuid' to let the audio devices
work. Or is it that you don't want to allow devices in /tmp
at all but would be willing to allow them in an
SRSS-managed mount at some other location?

> We also normally remove day-old files in /tmp to prevent users from using
> it for storage of files. Clever users could create directories
> called SUNWut to get around this procedure.

You could deal with that by taking into account that the
SRSS-created /tmp/SUNWut is owned by root. I think the
only not-a-device things below /tmp/SUNWut that aren't
owned by root are the mount directories for mass storage
devices, and any files that are on mounted mass storage
devices.

I suppose that if you want to prevent people from storing
long-term files in the SUNWut device/mount tree,
regardless of where it might be rooted, then your tidy
script should walk the SRSS mountpoint parent
directories while taking care to not descend through a
mount point and start removing files from someone's
personal USB flash gizmo.

OttoM.
__
ottomeister
Disclaimer: These are my opinions. I do not speak for my employer.
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
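
An added example, not code from the thread or from SRSS: a dry-run version of the tidy pass described in the message above, written in Python. It assumes mounted mass storage appears with a different `st_dev` than the parent tree; the function name `stale_user_files` and its parameters are hypothetical.

```python
import os
import stat
import time

DAY = 24 * 60 * 60


def stale_user_files(root, protected_uid=0, max_age=DAY, now=None):
    """Return regular files under root that a tidy job could remove.

    Left alone: anything owned by protected_uid (the SRSS-created tree is
    root-owned), device nodes, symlinks, and every directory that sits on a
    different filesystem than root (a mounted mass storage device).
    """
    now = time.time() if now is None else now
    root_dev = os.lstat(root).st_dev
    candidates = []
    stack = [root]
    while stack:
        current = stack.pop()
        try:
            entries = list(os.scandir(current))
        except OSError:
            continue  # directory vanished or is unreadable
        for entry in entries:
            try:
                st = entry.stat(follow_symlinks=False)  # lstat semantics
            except OSError:
                continue
            if stat.S_ISDIR(st.st_mode):
                # A different st_dev marks a mount point: do not descend.
                if st.st_dev == root_dev:
                    stack.append(entry.path)
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # device nodes, FIFOs, sockets, symlinks stay
            if st.st_uid == protected_uid:
                continue
            if now - st.st_mtime > max_age:
                candidates.append(entry.path)
    return sorted(candidates)


if __name__ == "__main__":
    tree = "/tmp/SUNWut"  # path taken from the thread
    if os.path.isdir(tree):
        for path in stale_user_files(tree):
            print(path)  # dry run: report only, nothing is deleted
```

The device comparison will not notice a mount that shares the parent's device ID, so check how mass storage is mounted on the server before turning the report into a delete.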