[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lmi] Sharing git repositories

From: Vadim Zeitlin
Subject: Re: [lmi] Sharing git repositories
Date: Thu, 5 Mar 2020 01:51:59 +0100

On Thu, 5 Mar 2020 00:26:20 +0000 Greg Chicares <address@hidden> wrote:

GC> On 2020-03-04 21:32, Vadim Zeitlin wrote:
GC> [...]
GC> > GC> As for some-chroot/usr/sbin/policy-rc.d, we discussed that here:
GC> > GC>   https://lists.nongnu.org/archive/html/lmi/2020-02/msg00015.html
GC> > GC> and I think we concluded that 'chmod 755' was good there, although
GC> > GC> upon careful re-reading it looks like you preferred '775', with
GC> > GC> '7' in the middle so that system pseudo-users can run it, right?
GC> > 
GC> >  Did I? If so, I must have been confused because 775 is sufficient for
GC> > this anyhow...
GC> At that moment, this file had 0771 permissions due to a number of
GC> changes that have since been reverted, and you said:
GC> |  I'm not really sure about this. In principle, it doesn't seem implausible
GC> | that some script might want to execute this script as some system user,
GC> | using some system group (e.g. Debian-exim:mail to give a random example)
GC> | and would fail to do its permissions because, even though it has "x" bit
GC> | set for all users, it doesn't allow non-root non-lmi users to read it and
GC> | shell scripts need to be readable in order to be executable. Of course,
GC> | such scenario might never occur, but if it does, and some software package
GC> | doesn't realize that it's being executed inside a chroot, it might result
GC> | in some difficult to diagnose and debug problems.
GC> | 
GC> |  So I would feel better if the file had 0775 permissions.

 OK, thanks for recovering my thought process to me. Looking at this now, I
think I understand what I was saying and the important part here was really
the "5" at the end, not "7" in the middle.

GC> and then, later on:
GC> |  What I don't understand is why can't you just do "chmod 755" on it? Is
GC> I committed 0755, but were you really arguing for 0775?

 No, I think 755 is fine, there doesn't seem to be any reason to make this
file group-writable.

 So I believe we can consider at least this sub-branch of this thread fully
resolved -- and without anything needing to be done, as everything is
already just fine.


Attachment: pgp91Koi1rqh9.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]