On 10/04/16 12:05, Steven Haigh wrote:
> On 04/04/16 23:48, Pat Riehecky wrote:
>> On 04/03/2016 03:21 AM, Steven Haigh wrote:
>>> Recently I've been using 'yum verify' to examine some storage issues
>>> with file system corruption (not an SL7 problem). I've been noticing
>>> that a lot of permissions at runtime get changed - which causes yum
>>> verify to point these out.
>>>
>>> Its my opinion that the permissions that are needed at runtime for
>>> various things should actually be packaged into the RPMs installed -
>>> therefore there should be no difference between install time and runtime
>>> permissions.
>>>
>>> For example:
>>> $ yum verify
>>> Loaded plugins: fastestmirror, verify
>>> ==================== Installed Packages ====================
>>> bind.x86_64 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name
>>> System) server
>>> File: /run/named
>>> Problem: mode does not match
>>> Current: user:wrx, group:wrx, other:---
>>> Original: user:wrx, group:-rx, other:-rx
>>>
>>> bind-chroot.x86_64 : A chroot runtime environment for the ISC BIND DNS
>>> server, named(8)
>>> File: /var/named/chroot/usr/lib64/bind
>>> Problem: group does not match
>>> Current: root
>>> Original: named
>>> --------
>>> Problem: mode does not match
>>> Current: user:wrx, group:-rx, other:-rx
>>> Original: user:wrx, group:-rx, other:---
>>>
>>> filesystem.x86_64 : The basic directory layout for a Linux system
>>> File: /mnt
>>> Problem: mode does not match
>>> Current: user:-rx, group:-rx, other:-rx
>>> Original: user:wrx, group:-rx, other:-rx
>>> verify done
>>>
>>> If you fix these permissions back to the default, then they get changed
>>> again via the reboot / systemctl stop/start.
>>>
>>> My question is, shouldn't these be corrected upstream in the packages
>>> provided?
>>>
>>
>> Getting this corrected upstream makes sense to me. Can I have you file
>> a few bugzillas and put me on the CC list?
>
> Ok, I've finally gotten around to doing this - the excitement of an IPv6
> deployment across all my kit at home just had to be done first ;)
>
> I've added you to the CC list on the two I've filed - I figure submit
> two as canaries to see what the feedback / result will be and go from
> there...
Sorry - for the reference of the list:
https://bugzilla.redhat.com/1325620
https://bugzilla.redhat.com/1325621
--
Steven Haigh
Email: [log in to unmask]
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
|