packages in TeXShop (was: Re: [OS X TeX] question regarding spacing after a period)

cfrees at imapmail.org cfrees at imapmail.org
Sat Mar 14 01:04:17 CET 2009


On Sat 14th Mar, 2009 at 00:24, Peter Dyballa seems to have written:

>
> Am 14.03.2009 um 00:08 schrieb <cfrees at imapmail.org>:
>
>> You shouldn't need to exclude anything under a home directory
>> (/private/var/root/, /Users/anything/) as these should not be included
>> by default. I'd be interested to know if PRUNEPATHS works, though. Mac
>> OS X used to ignore it but I haven't checked recently.
>
> No, Clea, you *have* to use it when the job is run as root! When it's run as 
> some user, then it might be true that only the own home directory tree is 
> searched and indexed. (Are your users "things?") And from the periodic 
> scripts the job *is* run as root.

from 500.weekly:

if [ -x /usr/libexec/locate.updatedb ]; then
 	echo ""
 	echo "Rebuilding locate database:"
 	locdb=/var/db/locate.database
 	touch "${locdb}"; chown nobody "${locdb}"; chmod 644 "${locdb}"
 	echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody 2>&1 | sed -e '/Permission denied/d'
 	chmod 444 "${locdb}"
fi

It runs as nobody - not root.

500.weekly is run as root. locate.database is not.

The whole point of this is to exclude directories which nobody doesn't
have permission to search - including almost everything in users' home
directories, including root's home.

If you have added the running of locate.updatedb to the daily jobs and
are running it as root, then PRUNEPATHS is doing something if it is
keeping the contents of those directories out. But this is not how the
script is run by default and running it in this way is a security risk
or, at least, it is potentially a security risk depending on your
situation. You are running it with root's permissions whereas the default
configuration runs it with nobody's permissions.

This is why locate will not standardly find files in your home
directory - or that of any other user - and it will not reveal the
contents of your home directory to other users on your system.

(Note: that's for Tiger. I can't say about Leopard.)

- cfr
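
Added example (not part of the original message, and not Apple's script): a shell check that lists the paths a root-run locate.updatedb would put in the database but a run as nobody would not, which is the exposure described above. The function names are hypothetical; it assumes plain mode bits only (no ACLs), that nobody neither owns nor shares a group with the directories, and that path names contain no newlines.

```shell
#!/bin/sh
# Audit helper: which paths does the locate database gain when the
# indexer runs as root instead of as the unprivileged user "nobody"?

# private_dirs ROOT
# Print every directory under ROOT that "other" cannot both read (list)
# and search (enter). A find run as nobody records the directory name
# but cannot descend into it. -prune stops at the first such directory
# on each branch, because everything below it is hidden as well.
private_dirs() {
    find "$1" -type d ! -perm -005 -prune -print 2>/dev/null
}

# exposed_paths ROOT
# Print every path below those directories. These entries appear in the
# database only when indexing runs with root's permissions, and locate
# then shows them to any local user, since the database is mode 444.
exposed_paths() {
    private_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -mindepth 1 -print 2>/dev/null
    done
}

# report ROOT
# Summary for a human reader: the private directories and how many
# paths beneath them a root-run index would disclose.
report() {
    echo "Directories nobody cannot search under $1:"
    private_dirs "$1" | sed -e 's/^/  /'
    count=$(exposed_paths "$1" | wc -l | tr -d ' ')
    echo "Paths a root-run index would add: ${count}"
}

# Stand-alone use: sh audit.sh /Users   (run it as a user who can read
# the tree, otherwise the count is an underestimate)
if [ "$#" -gt 0 ]; then
    report "$1"
fi
```

A non-zero count is normal on a multi-user system; it becomes a disclosure only if those paths are actually present in a world-readable locate database.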




