On Jun 6, 2011, at 4:11 AM, Lukasz Janyst wrote:

> Hi Brian,
> 
> 2011/6/2 Brian Bockelman <[log in to unmask]>:
>> I noticed the following lines:
>> 
>> %attr(-,xrootd,xrootd) %config(noreplace) %{_sysconfdir}/%{name}/xrootd-clustered.cfg
>> %attr(-,xrootd,xrootd) %config(noreplace) %{_sysconfdir}/%{name}/xrootd-standalone.cfg
>> %attr(-,xrootd,xrootd) %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
>> 
>> (and corresponding ones for user daemon).  I think it's an issue to have the service configuration file owned by the same user as the service itself.  The running daemon should not have permission to write to its own configuration file.
>> 
>> There's plenty of precedent here: do an "ls -l" on /etc.  At least locally, all files are owned by root.
> 
>   Well, it has been done this way to fulfill the requirement of
> letting a non-root user change the configuration files of the
> daemon. Quite honestly, I find this requirement silly: I cannot really
> imagine a cluster admin who would allow her users to run a distributed
> storage system unsupervised...
> 

Let's make this a switch someone can throw in the RPMs at build time then: certainly it's not a recommended practice.

Brian
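
The build-time switch proposed in the last message could be expressed in the spec file as below. This is an added example, not part of the thread or of the xrootd packaging; the switch name `user_config` and the macro `cfg_owner` are assumptions chosen for illustration.

```spec
# Added example (not from the xrootd spec file).
# "user_config" and "cfg_owner" are hypothetical names.
#
# Default build: configuration files are owned by root, so the running
# daemon (user xrootd) can read them but cannot rewrite them.
#   rpmbuild -ba xrootd.spec
#
# Opt-in build: restores the behaviour quoted in the thread, where the
# service account owns its own configuration.
#   rpmbuild -ba xrootd.spec --with user_config
%bcond_with user_config

%if %{with user_config}
%global cfg_owner xrootd
%else
%global cfg_owner root
%endif

%files
# The mode field stays "-" as in the quoted lines, so the mode comes from
# the files as installed in the build root; only the ownership changes.
%attr(-,%{cfg_owner},%{cfg_owner}) %config(noreplace) %{_sysconfdir}/%{name}/xrootd-clustered.cfg
%attr(-,%{cfg_owner},%{cfg_owner}) %config(noreplace) %{_sysconfdir}/%{name}/xrootd-standalone.cfg
%attr(-,%{cfg_owner},%{cfg_owner}) %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
```

On an installed system, `rpm -q --qf '[%{FILEUSERNAME} %{FILENAMES}\n]' xrootd` lists the owner recorded for each packaged file, which shows which variant was built.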