On Tue, 31 Jul 2007, Lennart Poettering wrote: > On Mon, 30.07.07 21:41, Jim Carter (jimc at math.ucla.edu) wrote: > > ... to just let the sysop turn on the setUID bit, or > > not, and maintain the state via /etc/permissions.local? > > What is /etc/permissions.local? This file is non-existant on Fedora or > Debian/Ubuntu. This may be a SuSE-ism. There is a collection of /etc/permissions... files, including a directory into which packages can drop fragments. Each line of each file gives a filename, an owner:group, and a mode (e.g. 4755). After you install a package using the GUI (YaST2), the package manager does various postprocessing including interpreting these files and changing owners and modes. /etc/permissions.local is for local tweaks, overriding general and package drop-in permissions files. > Files in /usr are the realm of the package manager, not of the > administrator. Thus requiring the user to change SUID bits on files > from that tree is not a good idea. Right: if you just set 4755 then it will revert at the next security patch. That's why SuSE has provided this persistent configuration file. I guess if the permissions script doesn't have an equivalent in other popular distros, customizing the mode is not so attractive. James F. Carter Voice 310 825 2897 FAX 310 206 6673 UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555 Email: jimc at math.ucla.edu http://www.math.ucla.edu/~jimc (q.v. for PGP key)
