The Loeki wrote:
Hi all,

In the head of the /opt/SUNWkio/lib/utils.sh the variable KIOSK_DEFAULT_PROTOS_DIIR is declared. It is my conviction that what's actually meant is the KIOSK_DEFAULT_PROTOS_DIR :-)


Thanks for noticing.

My first question is whether it's a huge problem to relay KIOSK_DEFAULT_TMP_DIRS from "/tmp /var/tmp" to, say, "/tmp/SUNWkio /var/tmp/SUNWkio"?


First: If you do want to change this, please set KIOSK_TMP_DIRS in /etc/opt/SUNWkio/kioskrc. Please note that even changes to kioskrc are currently not supported and may be clobbered by installation of patches that include the SUNWkior package. But it is much better than changing the code in installed scripts.

Whether the change is a problem depends on what your session does. What the temp dir cleanup should really do is prevent information leaks from one kiosk session to a later one that reuses the same user account.

If users of your kiosk session may explicitly or implicitly create and subsequently reread temp files with non-trivial information, then that could be a concern. If that is not the case for your kiosk sessions (the "Sun Ray Windows Connector Kiosk" session probably qualifies), then you can change the value to "/var/tmp/dummy" (just point to whatever empty directory).

First of all, the cleanup scripts do a find across these tmp dirs, thereby seeking and parsing through /tmp/SUNWut, which, in our experience, can be pretty dangerous (and is next to useless anyway, as no kiosk cleanup script ought to do cleanup there).

The basic kiosk subsystem is architecturally independent and agnostic of Sun Ray. Thus it doesn't 'know' about /tmp/SUNWut. And arguably the data in /tmp/SUNWut really doesn't belong in /tmp...

That said, some problems with kiosk cleanup /tmp/SUNWut are well-known. If you report and escalate your problem through your Sun support contact, that may help make a fix happen.

Secondly I'd like to keep it separated from the 'main' tmp in order to keep things nice, clean, ordered and organised.


The selection of /tmp and /var/tmp is motivated by the fact that these are world writable, so in general kiosk users may leave files there either accidentally (information leak) or on purpose (to affect subsequent sessions). Cleaning that data is primarily motivated by security considerations. And if there are more world-writable directories on your system, they should even be added.

- Jörg
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
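
The two points in the reply above (every world-writable directory is a cleanup candidate, and the walk should stay out of /tmp/SUNWut) can be sketched as follows. This is an added example, not part of the original thread or of the SUNWkio scripts; the function names are hypothetical, and limiting deletion to files owned by one uid is an assumption about how the kiosk account is identified.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from SUNWkio.

# Print world-writable directories at or below each root ($@). These are the
# places a kiosk user can leave data, so they are candidates for KIOSK_TMP_DIRS.
list_world_writable_dirs() {
    for root in "$@"; do
        if [ -d "$root" ]; then
            find "$root" -xdev -type d -perm -0002 -print
        fi
    done
}

# Delete non-directory entries owned by uid $1 under the directories in $3...,
# pruning $2 (e.g. /tmp/SUNWut) so the walk never descends into it.
# Directories themselves are left in place.
clean_kiosk_owned() {
    uid=$1 skip=$2
    shift 2
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -path "$skip" -prune -o \
            -user "$uid" ! -type d -exec rm -f -- {} +
    done
}

# Constructed sandbox standing in for /tmp: one leftover session file and a
# SUNWut subtree that must survive. Prints what remains after cleanup.
demo() {
    box=$(mktemp -d) || return 1
    mkdir -p "$box/tmp/SUNWut/config" "$box/tmp/cache"
    chmod 1777 "$box/tmp"
    echo "token" > "$box/tmp/cache/session.txt"
    echo "state" > "$box/tmp/SUNWut/config/display"
    clean_kiosk_owned "$(id -u)" "$box/tmp/SUNWut" "$box/tmp"
    (cd "$box/tmp" && find . -type f | sort)
    rm -rf "$box"
}
```

The `-prune` form keeps `find` from reading the excluded subtree at all, which differs from filtering its entries out after they have been traversed.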