Simo Sorce wrote: >> Usage for /home on NFS: >> - NFS is automatically excluded by clients, so updatedb on clients >> does not walk the filesystem. >> - On the server: >> Add /srv/home to /etc/sysconfig/mlocate. If /srv/home is not a >> separate mount point, add LOCATE_PATH=:/srv/home/.mlocate/mlocate.db >> to the global environment. > > I am deeply concerned about the security implications of this idea. > You are basically making it possible for everyone to get access to the > complete remote FS layout ??? In the local case, mlocate.db contains the whole directory structure as read by the root user. Local security is based on unix permissions: the locate.db is not readable to normal users and the locate binary is set-gid locate. Remote databases exported in NFS shares cannot of course use this trick becausae it requires trusting the remote root of all clients. A solution could be crawling the filesystem as user nobody to avoid disclosing private information, but this would make the shared locate.db completely useless to index home directories. How did Apple solve the problem with Spotlight? Spotlight also stores its database in the root directory of all volumes, including flash pens and remote NFS shares. -- // Bernardo Innocenti - Develer R&D dept. \X/ http://www.develer.com/ -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
