Recently I've been using 'yum verify' to examine some storage issues
with file system corruption (not an SL7 problem). I've been noticing
that a lot of permissions at runtime get changed - which causes yum
verify to point these out.

Its my opinion that the permissions that are needed at runtime for
various things should actually be packaged into the RPMs installed -
therefore there should be no difference between install time and runtime
permissions.

For example:
$ yum verify
Loaded plugins: fastestmirror, verify
==================== Installed Packages ====================
bind.x86_64 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name
System) server
    File: /run/named
        Problem:  mode does not match
        Current:  user:wrx, group:wrx, other:---
        Original: user:wrx, group:-rx, other:-rx

bind-chroot.x86_64 : A chroot runtime environment for the ISC BIND DNS
server, named(8)
    File: /var/named/chroot/usr/lib64/bind
        Problem:  group does not match
        Current:  root
        Original: named
                                   --------
        Problem:  mode does not match
        Current:  user:wrx, group:-rx, other:-rx
        Original: user:wrx, group:-rx, other:---

filesystem.x86_64 : The basic directory layout for a Linux system
    File: /mnt
        Problem:  mode does not match
        Current:  user:-rx, group:-rx, other:-rx
        Original: user:wrx, group:-rx, other:-rx
verify done

If you fix these permissions back to the default, then they get changed
again via the reboot / systemctl stop/start.

My question is, shouldn't these be corrected upstream in the packages
provided?

-- 
Steven Haigh

Email: [log in to unmask]
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897