permission of /home/services

Elan Ruusamäe glen at pld-linux.org
Mon Jul 21 10:59:20 CEST 2008


why is it non-readable for everybody:
drwxr-x--x 11 root adm 124 2008-05-28 05:48 /home/services/
?

as i have uid=builder $HOME=/home/services/builder (as i consider it service, not real user).

however such parent dir permission causes some weird problems like:

1.
+ /usr/bin/perl Build.PL destdir=/tmp/B.f3367d/perl-Algorithm-C3-0.07-root-builder installdirs=vendor
/bin/pwd: cannot open directory `../../../..': Permission denied
/bin/pwd: cannot open directory `../../../..': Permission denied
Can't find file lib/Algorithm/C3.pm to determine version at /usr/share/perl5/vendor_perl/Module/Build/Base.pm line 950.
error: Bad exit status from /tmp/B.f3367d/rpm-tmp.79438 (%build)

2.
sudo / su fail with "can't open session" if terminal not attached (ran from cron)

3.
+ /usr/bin/make -j1 -C /usr/src/linux prepare scripts HOSTCC=alpha-pld-linux-gcc SYSSRC=/usr/src/linux SYSOUT=/home/services/builder/rpm/BUILD/svgalib-1.9.25/kernel/svgalib_helper/o 
O=/home/services/builder/rpm/BUILD/svgalib-1.9.25/kernel/svgalib_helper/o CC=alpha-pld-linux-gcc
/bin/pwd: cannot open directory `../../../../../../..': Permission denied
make: Entering directory `/usr/src/linux-2.6.22.19'
Makefile:116: *** output directory "/home/services/builder/rpm/BUILD/svgalib-1.9.25/kernel/svgalib_helper/o" does not exist.  Stop.
make: Leaving directory `/usr/src/linux-2.6.22.19'
error: Bad exit status from /tmp/B.e0971b/rpm-tmp.17143 (%build)

i've tracked down the changes regarding this path, and it's always been 751 without much description why:

http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/FHS.spec.diff?r1=1.85;r2=1.86;f=h djurban: revert my bogus changes, group of services set to adm (751,root,adm)
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/FHS.spec.diff?r1=1.83;r2=1.84;f=h djurban: add services group for /home/services, this was driving me crazy (751,root,services)
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/FHS.spec.diff?r1=1.79;r2=1.80;f=h deejay1: readded /home/services (751,root,root)
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/FHS.spec.diff?r1=1.76;r2=1.77;f=h averne: FHS 2.3 compilant (removed /home/services without a notice)
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/FHS.spec.diff?r1=1.36;r2=1.37;f=h qboosh: added /home/services directory (751,root,root)

my suggestion is to change it to 755,root,root as i don't see much gain other than security by obscurity
and adding builder user to adm group i don't want to do either. assuming home dir of 'service' should be /home/services.

-- 
glen
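
Added example, not part of the original message: the `/bin/pwd: cannot open directory` errors above are consistent with a working-directory lookup that climbs `..` and has to list each parent, which a 751 directory denies to anyone outside owner and group. The sketch below flags such ancestors from mode bits alone; the function names, the constructed temporary tree and the "other" identity are assumptions, and ACLs and root are not modelled.

```python
import os
import stat
import tempfile

def effective_bits(st, uid, gids):
    """rwx triplet (0-7) that applies to this identity (no ACLs, not root)."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def unlistable_ancestors(path, uid, gids):
    """Ancestors of path that uid/gids may traverse (x) but not list (r).

    A pwd/getcwd fallback that climbs ".." has to readdir() each parent to
    recover the child's name, so any directory returned here can break it.
    """
    hits = []
    cur = os.path.dirname(os.path.realpath(path))
    while True:
        st = os.stat(cur)
        bits = effective_bits(st, uid, gids)
        if bits & 1 and not bits & 4:
            hits.append((cur, stat.S_IMODE(st.st_mode)))
        parent = os.path.dirname(cur)
        if parent == cur:
            return hits
        cur = parent

def demo():
    """Constructed tree mirroring /home/services/builder/rpm/BUILD."""
    with tempfile.TemporaryDirectory() as tmp:
        services = os.path.join(os.path.realpath(tmp), "services")
        build = os.path.join(services, "builder", "rpm", "BUILD")
        os.makedirs(build)
        owner = os.stat(services)
        # Hypothetical identity: neither the owner nor in the owning group.
        uid, gids = owner.st_uid + 1, {owner.st_gid + 1}
        results = []
        for mode in (0o751, 0o755):
            os.chmod(services, mode)
            dirs = [d for d, _ in unlistable_ancestors(build, uid, gids)]
            results.append(services in dirs)
        return tuple(results)

if __name__ == "__main__":
    print(demo())  # (True, False): flagged at 751, clean at 755
```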

