Linus Torvalds wrote on Wed, Jan 16, 2019:
> *Very* few people want to run their databases as root.

In the case of happycache, this isn't the database doing the
dump/restore, but a separate process that could have the cap - it's
better if we can do without though, and from his readme he runs as user
cassandra in the /var/lib/cassandra directory for example so that'd
match the file owner.
For pgfincore, it's a postgres extension so the main process does it -
but it does have files open as write as well as being the owner.

> Jiri's original patch kind of acknowledged that by making the new test
> be conditional, and off by default. So then it's a "only do this for
> lockdown mode, because normal people won't find it acceptable".
>
> And I'm not a huge fan of that approach. If you don't protect normal
> people, then what's the point, really?

I agree with that. "Being owner or has cap" (whichever cap) is probably
OK.
On the other hand, writeability check makes more sense in general -
could we somehow check if the user has write access to the file instead
of checking if it currently is opened read-write?

-- 
Dominique
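Added illustration, not code from this thread, the patch under discussion or the kernel: a userspace C program that contrasts the three tests named in the reply above (descriptor currently opened for write, caller is the file owner, caller has write access to the file) on a file opened read-only. The function names and the constructed `/tmp` sample file are assumptions made for this example, and the write-access test is simplified as noted in its comment.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check A: was this descriptor itself opened O_WRONLY or O_RDWR? */
int fd_opened_for_write(int fd) {
    int fl = fcntl(fd, F_GETFL);
    return fl >= 0 && (fl & O_ACCMODE) != O_RDONLY;
}

/* Check B: does the caller's effective uid own the file? */
int caller_owns_file(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 && st.st_uid == geteuid();
}

/* Check C: would the mode bits let the caller open the file for writing,
 * however fd was opened? Simplified: euid 0 always passes; ACLs, read-only
 * mounts and supplementary groups are ignored. */
int caller_may_write(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0) return 0;
    if (geteuid() == 0) return 1;
    if (st.st_uid == geteuid()) return (st.st_mode & S_IWUSR) != 0;
    if (st.st_gid == getegid()) return (st.st_mode & S_IWGRP) != 0;
    return (st.st_mode & S_IWOTH) != 0;
}

/* Constructed sample: a temp file with the given mode, reopened read-only. */
int open_sample_readonly(mode_t mode) {
    char path[] = "/tmp/wcheck-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    fchmod(fd, mode);
    close(fd);
    fd = open(path, O_RDONLY);
    unlink(path);
    return fd;
}

int main(void) {
    int fd = open_sample_readonly(0600);
    printf("opened-for-write=%d owner=%d may-write=%d\n",
           fd_opened_for_write(fd), caller_owns_file(fd), caller_may_write(fd));
    return fd < 0;
}
```

For a mode 0600 file opened `O_RDONLY` by its owner, check A fails while checks B and C pass, which is the case of a separate tool that only reads files it could also write.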