Hi,

> That sounds like a bug in gwenview; why would it try to walk the tree?

I agree that there is a bug in gwenview, but I believe it is also a
pam_tmpdir bug (maybe not very important, but still a bug).

By default both / and /tmp are world readable. Many programs were not
tested with an unreadable $TMP parent. Some of them may have bugs that may
be triggered by pam_tmpfs installation. Finding and fixing all such bugs
will be a very time-consuming task. Also, pam_tmpdir may be installed by
package dependencies, so the user may not even notice the change that
caused the bug.

Changing the permissions of /tmp/user in the pam_tmpdir package to 755
will not reduce security much, but will stop triggering bugs in other
packages by default.

> If you precreate the directory before pam_tmpdir is invoked, the
> permissions aren't changed.

Pre-creating /tmp/user by the local admin is a possible workaround. The
local admin may create an rc.d script or a systemd unit that creates
/tmp/user with the desired permissions, but would not providing such a
script by the package itself be a better solution?


-- 
Andrey Bondarenko
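
The pre-creation workaround discussed in the message above, as an added example that is not part of the original email or of the pam_tmpdir package: a boot-time script that creates /tmp/user with the desired mode and refuses to touch anything unexpected at that path. The function name is hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: pre-create the pam_tmpdir parent directory at boot.
# Function name and arguments are hypothetical, not part of pam_tmpdir.

# precreate_tmp_parent DIR MODE
# Creates DIR with MODE, or verifies and fixes the mode of an existing DIR.
# Refuses symlinks, non-directories and directories owned by another uid,
# because the parent directory (/tmp) is world-writable.
precreate_tmp_parent() {
    dir=$1
    mode=$2
    me=$(id -u)

    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi

    if [ ! -e "$dir" ]; then
        # mkdir without -p fails if something appears at $dir meanwhile.
        mkdir -m "$mode" "$dir" || return 1
        return 0
    fi

    if [ ! -d "$dir" ]; then
        echo "refusing: $dir exists and is not a directory" >&2
        return 1
    fi

    # stat -c is GNU coreutils syntax (assumed: a Linux system).
    owner=$(stat -c %u "$dir") || return 1
    if [ "$owner" != "$me" ]; then
        echo "refusing: $dir is owned by uid $owner, expected $me" >&2
        return 1
    fi

    chmod "$mode" "$dir"
}

# Run as root from an rc.d script or a systemd unit ordered before logins:
#   this-script --apply
if [ "${1:-}" = "--apply" ]; then
    precreate_tmp_parent /tmp/user 0755
fi
```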
