2014/09/22 5:21 "Ansgar Burchardt" <ans...@43-1.org>: > > Hi Joel, > > Joel Rees <joel.r...@gmail.com> writes: > > (6) systemd and cgroups (at minimum) end up overriding the permissions > > system. It's bad enough having SELinux and ACLs brought in to knock > > holes in the permissions system, but when arbitrary non-kernel system > > functions start getting their hands into the equation, there is no way > > to be sure that when you set any particular file under /etc or under > > ~/ -- including /etc/ssh and ~/.shh -- as mode 740, that the effective > > permissions don't end up 666 or 1147. In this case, even pid 1 is a > > group of arbitrary non-kernel functions. > > > > Permissions and race conditions are not the only ways that the > > modularity of these technologies is broken. I'm not going to try to > > enumerate them here. > > I'm interested how use of systemd and cgroups will make a file in > /etc/ssh or ~/.ssh change effective permissions. Could you explain that > in simple, reproducible steps?
When I can, I'll file a bug report. If ever. I know the theory, so I don't use those, so it's not a high priority for me. If you are interested, read the manuals,do the math, it falls out, even though the manuals are written with a certain bias.
