On Fri, 11.04.14 16:09, Colin Walters (walters@xxxxxxxxxx) wrote:

> On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff
> <martin.langhoff@xxxxxxxxx> wrote:
> >
> > If you move in this direction, you have to create files/dirs to be
> > owned by the daemon user too.

Hmm, let's think for a moment what kind of files this actually matters
for. In which directories do system users actually own files?

That'd be suid/sgid binaries in /usr/bin. That'd be working directories
in /run and /var. Anything else?

The latter don't sound too bad, since we can allocate them during late
boot. The former is the messy bit. Maybe the cheap way out is to
disallow suid/sgid binaries in /usr/bin for dynamically assigned
UIDs/GIDs. In this day and age, are there still good use cases for that?

Lennart

--
Lennart Poettering, Red Hat
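The two file classes Lennart names (non-root-owned setuid/setgid binaries, and daemon-owned state under /run and /var) can be enumerated on a running system with a short POSIX shell audit. This is an added example written for this page, not code from the thread, systemd or Fedora; it assumes a POSIX `find` and `ls`, and the helper names are hypothetical.

```sh
#!/bin/sh
# Added audit helper (not systemd or Fedora code): enumerate the files the
# discussion above says would have to be re-owned if a system user's UID/GID
# were assigned dynamically. Numeric -user/-group arguments are POSIX, so
# this needs neither GNU find nor stat.

# Regular files under DIR that carry the setuid bit but are not owned by
# uid 0, or carry the setgid bit but are not owned by gid 0. These are the
# binaries a dynamic UID/GID scheme would break; setuid-root is unaffected.
list_nonroot_suid() {
    find "$1" -type f \
        \( \( -perm -4000 ! -user 0 \) -o \( -perm -2000 ! -group 0 \) \) \
        -print 2>/dev/null
}

# Everything under DIR (e.g. /run or /var) not owned by root: the working
# directories and state files that would have to be chowned to the daemon
# user at late boot, once its UID/GID is known.
list_nonroot_owned() {
    find "$1" \( ! -user 0 -o ! -group 0 \) -print 2>/dev/null
}

# Plain integer counts so results can be compared in scripts.
count_nonroot_suid()  { list_nonroot_suid "$1"  | wc -l | tr -d ' '; }
count_nonroot_owned() { list_nonroot_owned "$1" | wc -l | tr -d ' '; }

# Human-readable report: mode and numeric uid/gid for each offending file.
# -exec ... {} + keeps paths with spaces intact.
report_nonroot_suid() {
    find "$1" -type f \
        \( \( -perm -4000 ! -user 0 \) -o \( -perm -2000 ! -group 0 \) \) \
        -exec ls -ldn {} + 2>/dev/null
}

# Run with AUDIT_DIR=/usr/bin to audit a real tree (read-only operation).
if [ -n "${AUDIT_DIR:-}" ]; then
    echo "setuid/setgid files not owned by root under $AUDIT_DIR:"
    report_nonroot_suid "$AUDIT_DIR"
    echo "total: $(count_nonroot_suid "$AUDIT_DIR")"
fi
```

Running it against /usr/bin answers Lennart's closing question for a given installation: an empty report means no package there depends on a non-root setuid/setgid owner.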