Looking over some fixes I had made for 8.1 I found this one wasn't submitted yet:

The permissions are too open on these files:

-rw-rw-rw- 1 www other 6 Aug 31 19:32 /var/opt/dirsrv/slapd-hptem280/run/slapd-hptem280.pid
-rw-rw-rw- 1 www other 6 Aug 31 19:31 /var/opt/dirsrv/slapd-hptem280/run/slapd-hptem280.startpid
-rw-rw-rw- 1 www other 0 Aug 31 19:31 /var/opt/dirsrv/slapd-hptem280/lock/server/22298

I'd like to change them to be writable only by the owner (644). They should remain readable by all since they may serve in an advisory role to other processes that need to determine if it's running.
Created attachment 450592
patch proposal

Comment on attachment 450592
patch proposal

Looks good to me.
Thanks to Ulf for submitting the patch.

commit 81fe698ca04d1dccc23e8099003521471120bacf
Author: Noriko Hosoi <nhosoi>
Date: Fri Oct 29 09:43:52 2010 -0700

    Bug 638773 - permissions too loose on pid and lock files

    https://bugzilla.redhat.com/show_bug.cgi?id=638773

    Description: This patch changes the permissions of the pid and
    lock files to be writable only by the owner (0644). They should
    remain readable by all since they may serve in an advisory role
    to other processes that need to determine if it's running.

    Checking in this patch on behalf of Ulf Weltman (ulf.weltman).

Pushed to master.

$ git merge work
Updating d46f51d..81fe698
Fast-forward
 ldap/servers/slapd/daemon.c | 10 ++++++----
 ldap/servers/slapd/main.c | 10 ++++++----
 ldap/servers/slapd/protect_db.c | 6 +++---
 3 files changed, 15 insertions(+), 11 deletions(-)

$ git push
Counting objects: 15, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 1.15 KiB, done.
Total 8 (delta 6), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   d46f51d..81fe698 master -> master
Checked on RHEL machine
==========================

root@rheltest opt]# ls -l /var/run/dirsrv/admin-serv.pid
-rw-------. 1 root root 5 May 13 20:34 /var/run/dirsrv/admin-serv.pid
[root@rheltest opt]# ls -l /var/run/dirsrv/admin-serv.pid
-rw-------. 1 root root 5 May 13 20:34 /var/run/dirsrv/admin-serv.pid
[root@rheltest opt]# ls -l /var/lock/dirsrv/slapd-rheltest/server/2047
-rw-r--r--. 1 nobody nobody 0 May 16 11:52 /var/lock/dirsrv/slapd-rheltest/server/2047
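
The following is an added example, not part of this bug thread and not taken from the 389-ds source or the attached patch. It shows one way to guarantee the 0644 mode discussed above when writing a pid file, and a check for the group/other-writable state that was reported. The function names and the file path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not taken from the 389-ds source: write a pid file
 * that ends up 0644 whatever the umask or the file's previous mode. */
int write_pidfile(const char *path, pid_t pid)
{
    char buf[32];
    int len = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;
    /* open()'s mode is masked by umask and ignored when the file already
     * exists, so a file left at 0666 would stay 0666 without fchmod(). */
    int ok = fchmod(fd, 0644) == 0 && write(fd, buf, (size_t)len) == len;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* 1 if group or other may write the file, 0 if not, -1 if stat() fails. */
int is_loosely_writable(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) ? 1 : 0;
}

/* Constructed reproduction of the reported state: leave `path` at 0666. */
int make_world_writable(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT, 0666);
    if (fd < 0)
        return -1;
    close(fd);
    return chmod(path, 0666);
}

int main(void)
{
    const char *p = "example-slapd.pid"; /* constructed path */
    make_world_writable(p);
    int before = is_loosely_writable(p);
    write_pidfile(p, getpid());
    printf("loose before=%d after=%d\n", before, is_loosely_writable(p));
    return unlink(p);
}
```

Because the mode is set with fchmod() on the open descriptor, a pid file left at 0666 by an earlier run is tightened the next time it is written.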