Kyle Evans <kev...@freebsd.org> wrote:
> It might be that the better long-term approach is to teach updatedb.sh
> how to drop privileges and push that out of the periodic script to avoid
> surprises like this from the different execution environments. This
> /feels/ like the kind of thing we could take an opinionated stance on,
> maybe providing an escape hatch of some sort if someone really wants to
> complain that they can't document all filenames on the system.
This is how it already works. It calls locate.updatedb as "nobody", so
only files readable by "nobody" are indexed:
echo /usr/libexec/locate.updatedb | nice -n 5 su -fm nobody || rc=3
