Re: [Nautilus-list] Medusa and /com



On Thu, Mar 29, 2001 at 11:00:25AM +0100, Ross Burton wrote:
> 
> Why does medusa create a /com directory? What's wrong with /usr/share or
> /etc?
> 
> Nothing major, I just object to programs taking over the root of the
> file tree.
> 
> Ross

The /com directory has been very controversial but little has been
said about what is inside it because nobody understands it. 

The notion of /com/medusa/enabled_users_file

is systems administration though insecure election.

Any user on the sytem can choose to enable a root proccess to run
and index the hard drive.  Any user could also disable this.  The user
interface is setup so as long as one person wants this to happen it 
will, but there is no security on the file, so any user can blank it
out and effectivly disable it.

This really is common data.  It really is outside of the scope of UNIX
permissions, which are much more dictatorial.  This should not be in
/share as it cannot be shared data.  Perhaps it should be in var, as it
is variable data, but it is also a configuration file.

automake has a notion of this kind of data with a directive called
sharedstatedir, the default for automake is /com.  As there is no
proper place to put this data we currently use the autmake default.

Personally I remove the /com directory on most of my systems that I
install medusa on, because I think the thing is full of unresolved
security issues.

So my opinion is the enabled_users_file should be elimated and with
it the /com directory should go away.  The correct way this should be
done is the user should be prompted with the root password when they
enable indexing from within nautilus and this can use something like
eazel-helper to do this.

-R*S





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]