permission of /home/services

Jakub Bogusz qboosh at pld-linux.org
Mon Jul 21 18:01:30 CEST 2008


On Mon, Jul 21, 2008 at 11:59:20AM +0300, Elan Ruusamäe wrote:
> why is it non-readable for everybody:
> drwxr-x--x 11 root adm 124 2008-05-28 05:48 /home/services/
> ?
> 
> as i have uid=builder $HOME=/home/services/builder (as i consider it service, not real user).
> 
> however such parent dir permission causes some weird problems like:
> 
> 1.
> + /usr/bin/perl Build.PL destdir=/tmp/B.f3367d/perl-Algorithm-C3-0.07-root-builder installdirs=vendor
> /bin/pwd: cannot open directory `../../../..': Permission denied
> /bin/pwd: cannot open directory `../../../..': Permission denied
> Can't find file lib/Algorithm/C3.pm to determine version at /usr/share/perl5/vendor_perl/Module/Build/Base.pm line 950.
> error: Bad exit status from /tmp/B.f3367d/rpm-tmp.79438 (%build)
> 
> 2.
> sudo / su fail with "can't open session" if terminal not attached (ran from cron)
> 
> 3.
> + /usr/bin/make -j1 -C /usr/src/linux prepare scripts HOSTCC=alpha-pld-linux-gcc SYSSRC=/usr/src/linux SYSOUT=/home/services/builder/rpm/BUILD/svgalib-1.9.25/kernel/svgalib_helper/o 
> O=/home/services/builder/rpm/BUILD/svgalib-1.9.25/kernel/svgalib_helper/o CC=alpha-pld-linux-gcc
> /bin/pwd: cannot open directory `../../../../../../..': Permission denied
> make: Entering directory `/usr/src/linux-2.6.22.19'
> Makefile:116: *** output directory "/home/services/builder/rpm/BUILD/svgalib-1.9.25/kernel/svgalib_helper/o" does not exist.  Stop.
> make: Leaving directory `/usr/src/linux-2.6.22.19'
> error: Bad exit status from /tmp/B.e0971b/rpm-tmp.17143 (%build)
> 
> i've tracked down the changes regarding this path, and it's always been 751 without much description why:
> 
> http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/FHS.spec.diff?r1=1.85;r2=1.86;f=h djurban: revert my bogus changes, group of services set to adm (751,root,adm)
> http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/FHS.spec.diff?r1=1.83;r2=1.84;f=h djurban: add services group for /home/services, this was driving me crazy (751,root,services)
> http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/FHS.spec.diff?r1=1.79;r2=1.80;f=h deejay1: readded /home/services (751,root,root)
> http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/FHS.spec.diff?r1=1.76;r2=1.77;f=h averne: FHS 2.3 compilant (removed /home/services without a notice)
> http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/FHS.spec.diff?r1=1.36;r2=1.37;f=h qboosh: added /home/services directory (751,root,root)
> 
> my suggestion is to change it to 755,root,root as i don't see much gain other than security by obscurity
> and adding builder user to adm group i don't want to do either. assuming home dir of 'service' should be /home/services.

First track down what is the real problem with pwd. I don't see such
issues with coreutils 6.10 and glibc 2.8. Broken libc on alpha?
Changing permissions would be just hiding it.


-- 
Jakub Bogusz    http://qboosh.pl/
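
Added example, not part of the original message or of PLD's own tooling: the `/bin/pwd` errors quoted above come from opening parent directories via `..`, and opening a directory to list it needs the read bit that mode 751 withholds from users outside the owner and group classes. The script below evaluates the quoted `ls -ld` line for a given user; the group list passed for `builder` is an assumption, and ACLs are ignored.

```shell
#!/bin/sh
# Added example (not from the thread): decide from an `ls -ld` line whether a
# user can list and/or traverse a directory, using the classic owner/group/other
# permission check. ACLs are ignored.

# perm_triplet MODE OWNER GROUP USER "GROUP1 GROUP2 ..."
# Prints the rwx triplet of the single class that applies to USER. The owner
# class wins over group, and group over other, even if a later class grants more.
perm_triplet() {
    pt_mode=$1; pt_owner=$2; pt_group=$3; pt_user=$4; pt_groups=$5
    if [ "$pt_user" = "$pt_owner" ]; then
        printf '%s\n' "$pt_mode" | cut -c2-4; return
    fi
    for pt_g in $pt_groups; do
        if [ "$pt_g" = "$pt_group" ]; then
            printf '%s\n' "$pt_mode" | cut -c5-7; return
        fi
    done
    printf '%s\n' "$pt_mode" | cut -c8-10
}

# dir_access LS_LINE USER "GROUP1 GROUP2 ..."
# Prints list+traverse, traverse-only, list-only or none.
dir_access() {
    da_line=$1; da_user=$2; da_groups=$3
    # root bypasses read and search checks on directories
    if [ "$da_user" = root ]; then echo list+traverse; return; fi
    # ls -ld fields: mode, link count, owner, group, ...
    set -- $da_line
    da_trip=$(perm_triplet "$1" "$3" "$4" "$da_user" "$da_groups")
    case $da_trip in r??) da_r=1 ;; *) da_r=0 ;; esac
    # x, s and t in the third position all mean the search bit is set
    case $da_trip in ??[xst]) da_x=1 ;; *) da_x=0 ;; esac
    case $da_r$da_x in
        11) echo list+traverse ;;
        01) echo traverse-only ;;
        10) echo list-only ;;
        *)  echo none ;;
    esac
}

# Directory line quoted in the thread; builder's group list is an assumption.
SERVICES='drwxr-x--x 11 root adm 124 2008-05-28 05:48 /home/services/'
dir_access "$SERVICES" builder "builder"   # traverse-only
```

A `traverse-only` result means paths below the directory resolve normally, but any code that opens the directory itself to read its entries gets "Permission denied".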

