On Wed, Dec 03, 2008 at 04:30:06PM -0500, Daniel Andersson wrote:
> I'm running Xapian (1.0.9) and more specifically omega to index a few
> different databases.
>
> After the databases are first indexed (by user A), the dirs get
> chmod'ed to 0777 to allow user B full access to them.

Well, I wouldn't recommend doing that - it means that if an intruder
compromises *any* account of the system they can modify files in these
directories (and of course you need to trust all users on your system
too).

You can achieve the same ends more safely by using 0770 or 0775 and
setting the group to one which user B is in (though the same issue you
identify applies to that situation too).

> Even after the indexing is done, the file "flintlock" still exists in
> all database dirs. It's owned by user A (perm: -rw-------).

It's not the presence of the file which indicates the lock is held, but
whether the file has an fcntl() lock held on it.

> When user B wants to change something, scriptindex waits until a)
> flintlock is removed OR b) flintlock is chown'ed to user B
>
> Should flintlock remain in all dirs, or is something wrong?

It should remain.

> If it should, how do I change things so that both users can make
> changes to the databases? (basically getting scriptindex to adhere to
> the permissions of the dir/database in question)?

You should be able to `chmod 666 flintlock' (or 660 if you use a group)
after the database has been created, and Xapian shouldn't change the
permissions back (it doesn't in my quick tests).

But I think we probably should just use mode 0666 when creating the lock
file and let the umask do its job, which is what we do for the .DB
files.

Cheers,
Olly
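
The two points made in the reply above (the lock is the fcntl() lock rather than the file's existence, and creating the file with mode 0666 leaves the final permissions to the umask), as an added C example. It is not Xapian's code; the helper names and the scratch path `flintlock.demo` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if another process holds an fcntl() write lock on path, 0 if the file
 * merely exists, -1 on error (e.g. no permission to open it). */
static int lock_is_held(const char *path) {
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    int rc = fcntl(fd, F_GETLK, &fl);      /* query only, takes no lock */
    close(fd);
    return rc < 0 ? -1 : fl.l_type != F_UNLCK;
}

/* fcntl() locks never conflict within one process, so ask from a child. */
static int other_process_sees_lock(const char *path) {
    int status;
    pid_t pid = fork();
    if (pid == 0) _exit(lock_is_held(path) == 1);
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Create `path` with mode 0666 under `mask` and lock it. out[0] = mode after
 * umask, out[1] = lock seen while held, out[2] = seen after release. */
static int demo(const char *path, mode_t mask, int out[3]) {
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
    struct stat st = {0};
    mode_t old = umask(mask);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    umask(old);
    if (fd < 0) return -1;
    int ok = fstat(fd, &st) == 0 && fcntl(fd, F_SETLK, &fl) == 0;
    out[0] = st.st_mode & 0777;
    out[1] = other_process_sees_lock(path);
    close(fd);                     /* drops the lock, leaves the file */
    out[2] = other_process_sees_lock(path);
    unlink(path);
    return ok ? 0 : -1;
}

int main(void) {
    int out[3], rc = demo("flintlock.demo", 007, out);
    if (rc == 0) printf("mode %o, held %d, after close %d\n", (unsigned)out[0], out[1], out[2]);
    return rc != 0;
}
```

With a umask of 007 the file ends up 0660 (group-writable, no access for others); with 077 the same call yields 0600.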