https://bugzilla.redhat.com/show_bug.cgi?id=1389091

--- Comment #2 from Nathaniel McCallum <npmccallum@xxxxxxxxxx> ---
tang.x86_64: W: no-documentation
tang.x86_64: W: non-standard-uid /var/cache/tang tang
tang.x86_64: W: non-standard-gid /var/cache/tang tang
tang.x86_64: E: non-standard-dir-perm /var/cache/tang 750
tang.x86_64: W: non-standard-uid /var/db/tang tang
tang.x86_64: W: non-standard-gid /var/db/tang tang
tang.x86_64: E: non-standard-dir-perm /var/db/tang 2570
tang.x86_64: W: non-standard-dir-in-var db

These need some explaining.

Tang has a "human readable" database in /var/db/tang. You stick key files in
that directory. When the directory changes, systemd fires
/usr/libexec/tangd-update. This regenerates the "computer readable" database in
/var/cache/tang.

The tangd-update script runs as the tang user and reads from /var/db/tang and
writes to /var/cache/tang. The tangd process reads from /var/cache/tang
exclusively.

Thus, users who have access to keys get membership in the tang group. They can
create/remove files in /var/db/tang. Since this directory is setuid, everyone
else in the group can manage the keys as well.
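
Added example (not part of the original comment or of the tang package): a Python sketch that parses the two non-standard-dir-perm errors quoted above and decodes each mode into what the owner, the group and everyone else can do in that directory. The function names are hypothetical and the sample input is constructed from the rpmlint lines in the comment.

```python
import re
import stat

# Constructed sample: the two rpmlint errors quoted in the comment.
RPMLINT = """\
tang.x86_64: E: non-standard-dir-perm /var/cache/tang 750
tang.x86_64: E: non-standard-dir-perm /var/db/tang 2570
"""

LINE = re.compile(r"^\S+: [EW]: non-standard-dir-perm (\S+) ([0-7]{3,4})$")


def parse_dir_perms(text):
    """Return {path: mode} for every non-standard-dir-perm line."""
    perms = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            perms[m.group(1)] = int(m.group(2), 8)
    return perms


def describe(mode):
    """Decode a directory mode into per-class access and special bits."""
    def access(r, w, x):
        return {
            "list": bool(mode & r),
            # Creating or removing entries needs write AND search permission.
            "modify": bool(mode & w) and bool(mode & x),
            "traverse": bool(mode & x),
        }
    return {
        "symbolic": stat.filemode(stat.S_IFDIR | mode),
        "owner": access(stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
        "group": access(stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
        "other": access(stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
        "setuid": bool(mode & stat.S_ISUID),
        # On a directory, new entries inherit the directory's group.
        "setgid": bool(mode & stat.S_ISGID),
        "sticky": bool(mode & stat.S_ISVTX),
    }


if __name__ == "__main__":
    for path, mode in parse_dir_perms(RPMLINT).items():
        d = describe(mode)
        who = [c for c in ("owner", "group", "other") if d[c]["modify"]]
        print(f"{path} {mode:04o} {d['symbolic']} modify={who} setgid={d['setgid']}")
```
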