On 04/03/2016 03:21 AM, Steven Haigh wrote:
> Recently I've been using 'yum verify' to examine some storage issues
> with file system corruption (not an SL7 problem). I've been noticing
> that a lot of permissions at runtime get changed - which causes yum
> verify to point these out.
>
> Its my opinion that the permissions that are needed at runtime for
> various things should actually be packaged into the RPMs installed -
> therefore there should be no difference between install time and runtime
> permissions.
>
> For example:
> $ yum verify
> Loaded plugins: fastestmirror, verify
> ==================== Installed Packages ====================
> bind.x86_64 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name
> System) server
>      File: /run/named
>          Problem:  mode does not match
>          Current:  user:wrx, group:wrx, other:---
>          Original: user:wrx, group:-rx, other:-rx
>
> bind-chroot.x86_64 : A chroot runtime environment for the ISC BIND DNS
> server, named(8)
>      File: /var/named/chroot/usr/lib64/bind
>          Problem:  group does not match
>          Current:  root
>          Original: named
>                                     --------
>          Problem:  mode does not match
>          Current:  user:wrx, group:-rx, other:-rx
>          Original: user:wrx, group:-rx, other:---
>
> filesystem.x86_64 : The basic directory layout for a Linux system
>      File: /mnt
>          Problem:  mode does not match
>          Current:  user:-rx, group:-rx, other:-rx
>          Original: user:wrx, group:-rx, other:-rx
> verify done
>
> If you fix these permissions back to the default, then they get changed
> again via the reboot / systemctl stop/start.
>
> My question is, shouldn't these be corrected upstream in the packages
> provided?
>

Getting this corrected upstream makes sense to me.  Can I have you file 
a few bugzillas and put me on the CC list?

Pat