Re: Newbie trying to build a binary RPM

I actually responded to this a while ago.  But the list ate my message
because I said too much and passed the 4k limit and the message was
discarded without review.  I will keep this one short.

Marco Colombo wrote:
> Bob Proulx wrote:
> > Both /tmp and /var/tmp will be protected with the +t bit.
> 
> How would the +t prevent people from reading things or executing suid
> files or adding content to writable directories/files?

Let's break that question down into pieces...

The 't' bit will prevent people from adding content to directories and
files and will prevent people from removing files.  This is the
important point.  Files in a directory with the 't' bit can only be
removed or renamed by the owner of the file or by root.  (Of course
there is never any protection from root since the superuser always has
full permissions.)  But with a normal umask of 022 (or 02 on a UPG
system) then files will be created that are writable only by the user
and will prevent others from modifying those files.

The /tmp and /var/tmp directories are normally this way because so
many system and user processes place temporary files there.  If one
user were allowed to remove or rename other users' files there then
many attacks would be possible.

The 't' bit will have no effect on preventing people from reading
files.  Fortunately this should never be required.  You are building
an rpm package for distribution.  Which means people will be able to
get a copy of that file.  Anything in that file will be visible to the
user.  I can always unpack the file with rpm2cpio and get access to
the raw bits.  If you actually have a case where you don't want people
to see something that you are packaging and are going to try to keep
the rpm package private then that is way outside the normal case.  In
that case you should probably build on a private machine without
access of any type by other people.

The 't' bit will have no effect on preventing people from executing
suid files.  But you should NOT have any setuid files in your build
root.  Instead you should be using the %attr() functionality of the
spec file to set any special permissions you need at rpm install time.

Bob
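As an added illustration (not part of Bob's reply or of any rpm-list post), the following shell script shows the three points above in a scratch directory: the 't' bit on a world-writable directory, the effect of a 022 umask on files created there, and a check of a build root for setuid files that should instead be handled by `%attr()` in the spec file. All paths are created under a temporary directory the script makes itself; the build root layout and the `tool` binary are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original thread: demonstrate what the 't'
# (sticky) bit does and does not do, and audit a build root for setuid files.
set -e

# Permission string of a path in POSIX ls format, e.g. "drwxrwxrwt".
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# Create a world-writable directory with the sticky bit set, like /tmp.
# Files inside can only be removed or renamed by their owner (or root);
# whether they can be read is still decided by each file's own mode bits.
make_sticky_dir() {
    mkdir -p "$1"
    chmod 1777 "$1"
    perm_string "$1"
}

# Create a file under a 022 umask: writable only by the owner, readable by
# everyone. The sticky bit on the parent directory does nothing for reads.
make_file_with_umask() {
    (umask 022 && : > "$1")
    perm_string "$1"
}

# List regular files with the setuid bit under a build root. A clean build
# root prints nothing; special permissions belong in %attr() at install time.
find_setuid() {
    find "$1" -type f -perm -4000
}

demo() {
    scratch=$(mktemp -d)

    echo "sticky dir:   $(make_sticky_dir "$scratch/tmp")"
    echo "umask 022 file: $(make_file_with_umask "$scratch/tmp/scratch-file")"

    # Constructed build root containing one file that was wrongly made setuid.
    buildroot="$scratch/buildroot"
    mkdir -p "$buildroot/usr/bin"
    : > "$buildroot/usr/bin/tool"
    chmod 4755 "$buildroot/usr/bin/tool"

    echo "setuid files found in build root (should be none):"
    find_setuid "$buildroot"

    # The spec-file way to get the same installed permissions without
    # keeping a setuid file in the build root (hypothetical %files entry).
    cat <<'EOF'
Instead, drop the setuid bit in the build root and declare it in the spec:
%files
%attr(4755, root, root) /usr/bin/tool
EOF

    rm -rf "$scratch"
}

# Run the demonstration only when executed directly, not when sourced.
case "$0" in
    *sh) ;;
    *) demo ;;
esac
```

Running the script prints `drwxrwxrwt` for the sticky directory and `-rw-r--r--` for the file created under umask 022, then lists the constructed setuid file so you can see what a `find -perm -4000` sweep of a build root looks like before packaging.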

