Re: uuidd: move uuidd files from /var/lib/libuuid to /var/run/uuidd

Karel Zak <kzak@xxxxxxxxxx> wrote:
> On Mon, Jun 29, 2009 at 09:33:44PM -0400, Theodore Ts'o wrote:
> > 
> > There was a very good reason why uuid state files were in
> > /var/lib/libuuid instead of /var/run/uuidd.  Some distributions wipe all
> > of /var/run on reboot.  The problem is for security reasons uuidd has to
> > run as the libuuid user --- and the problem is directory needs to be set
> 
>  I think the scenario when the library is starting the daemon is 
>  very odd and should be reviewed ;-)
> 
>  Is there any Linux distribution with the setuid uuidd? Suse and
>  Fedora/RHEL use init scripts and fork()+exec() in the library is
>  waste of time.

SUSE does not use setuid by default, but it is supported.
(there is a specific README in SUSE about how to enable this).
The security team rejected the setuid setting by default,
since the use case was rare and for very specific needs
(remember the daemon is only necessary if you have to produce
time based UUIDs which need to have the guarantee to be unique.
This is a demand of some Enterprise customers and the former
fix for libuuid was a rather ugly patch, which I was happy to
get rid of).
The SUSE init script supports two modes of operation:
If you set UUIDD_ON_DEMAND_ONLY=yes in /etc/sysconfig/uuidd
the daemon is not started by the init script, but started by
the library on demand.

Note, the daemon has also an option for a timeout, where it quits
after running a time unused. If you want to disable the automatic
startup, you'll also have to disable the timeout option.

I think the on-demand startup and quit after running a specific
time unused is a nice feature, why get rid of it?
Are there any technical reasons why this scenario is odd in a way
that it shouldn't be supported?

Matthias
