Ubuntu
findutils package

/etc/cron.daily/locate script runs as wrong user

Bug #1681103 reported by Shedros on 2017-04-08

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	findutils (Ubuntu)	Invalid	Undecided	Unassigned

Bug Description

The /etc/cron.daily/locate script runs as wrong user. In the package the line says LOCALUSER="nobody" but it should be LOCALUSER="root" because if the "updatedb" script runs as nobody a lot of files can't be indexed because nobody hasn't the right to view all system files.

The information I should provide regarind the guidelines

# lsb_release -rd
Description: Ubuntu 16.04.2 LTS
Release: 16.04

# apt-cache policy locate
locate:
  Installed: 4.6.0+git+20160126-2
  Candidate: 4.6.0+git+20160126-2
  Version table:
*** 4.6.0+git+20160126-2 500
        500 http://mirror.hetzner.de/ubuntu/packages xenial/universe amd64 Packages
        500 http://de.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
        100 /var/lib/dpkg/status

Revision history for this message

Andreas Metzler (k-launchpad-downhill-at-eu-org) wrote on 2017-04-16:

> "updatedb" script runs as nobody a lot of files can't be indexed because nobody hasn't the right
> to view all system files.

And that is a good thing. The locate-database is public. It must not contain data that is not public, i.e. contents of directories that cannot be listed by non-privileged users.

Changed in findutils (Ubuntu):
status:	New → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntufindutils package

/etc/cron.daily/locate script runs as wrong user

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
findutils package