On 01/10/2018 04:54 PM, William Hubbs wrote:
>
> What are we saying newpath should do differently than checkpath if I
> go this route?
I think this covers everything that we've talked about:
1. It should refuse to modify existing paths.
1.a. If newpath is called on an existing path, and if the requested
owner/permissions agree with the existing set, then do nothing.
This is expected when services restart without a reboot.
1.b. If newpath is called on an existing path, and if the desired
permissions differ from the existing set, then do nothing and
log a warning.
2. It should have a flag (say, --as=<user>[:group]) to make it run as
an unprivileged user. Basically a portable "su -c".
3. It should die if it's used in a directory that is writable by
anyone other than itself or root. (If it's feasible, we might want
to check the parent directories all the way up to the root; if I can
write to "b", then I can write to "e" in /a/b/c/d/e.)
Since newpath can't modify existing paths, the aforementioned "--as"
flag will be needed to avoid this error.
And just to put it out there, this will probably make a lot of people
mad. It discourages you from doing things like setting FOO_USER=foo in
the conf.d file, because you can't "fix" the permissions on things like
/var/log/foo.log if the value of $FOO_USER ever changes. That was
inherently unsafe anyway, but I'll eat my shorts if nobody complains.
(User variables, or RC_SVCNAME, should still work fine work multiple
instances.)
