On Mon, Nov 01, 2021 at 11:31:13AM +0800, Paul Wise wrote:
>> #2 isn't possible; the file could be on a remote filesystem, with
>> arbitrarily complex and hidden ACLs
> I guess there are no libraries to simulate the result of a Linux kernel
> permissions check in userspace & doing that in plocate is too complex.

Again, you're not even guaranteed that you _know_ which ACLs are in force,
if the filesystem is remote. Nor that they are anything that the Linux kernel
understands.

>> (and they may have been changed since updatedb time).
> I feel like it is reasonable to do the access test based on the
> permissions at the time of the updatedb run.

I would disagree, sorry.

>> Is this a real problem, or just nice-to-have?
> I guess skipping stat when root will be a lot faster when there are a
> lot of files matched by the plocate query.

That's not my question. Is this a real problem you're having, that you're
doing locate as root and that it's markedly slow due to all the stat calls?
I'm sure skipping them will be _faster_, but I don't add new code just for
fun (especially code that's skipping security checks); I'd like to know that
it solves someone's real problem somewhere.

I could probably port the --require-visibility 0 option to the plocate client
and then have that drop root privileges, but it sounds very niche to me.

/* Steinar */
-- 
Homepage: https://www.sesse.net/
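
The objection above that permissions "may have been changed since updatedb time", as an added example that is not part of the original message and is not plocate's code: a search-permission answer computed from metadata stored at index time is compared with the same rule applied to metadata read at query time. `struct snap`, the function names and the `/tmp/snapdemo-<pid>` directory are assumptions made for the illustration, and the rule covers only owner/group/other mode bits.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical snapshot of a directory's metadata, as an index built at
 * updatedb time could store it. This is not plocate's on-disk format. */
struct snap { mode_t mode; uid_t uid; gid_t gid; };

/* Owner/group/other rule for search (x) permission on a directory.
 * It ignores ACLs, supplementary groups, capabilities and anything a
 * remote server enforces, so it only approximates the kernel's answer. */
static int snap_allows_search(const struct snap *s, uid_t uid, gid_t gid)
{
    if (uid == s->uid) return (s->mode & S_IXUSR) != 0;
    if (gid == s->gid) return (s->mode & S_IXGRP) != 0;
    return (s->mode & S_IXOTH) != 0;
}

static int take_snap(const char *path, struct snap *out)
{
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    out->mode = st.st_mode; out->uid = st.st_uid; out->gid = st.st_gid;
    return 0;
}

/* Returns bit 0 = answer from the index-time snapshot, bit 1 = answer from
 * metadata read at query time, or -1 if the test directory cannot be set up. */
int demo_stale_snapshot(void)
{
    char dir[64];
    struct snap then, now;
    snprintf(dir, sizeof dir, "/tmp/snapdemo-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;        /* constructed directory */
    int ok = chmod(dir, 0700) == 0               /* do not depend on umask */
          && take_snap(dir, &then) == 0          /* the "updatedb" run */
          && chmod(dir, 0) == 0                  /* owner locks it afterwards */
          && take_snap(dir, &now) == 0;          /* the later query */
    rmdir(dir);
    if (!ok) return -1;
    return snap_allows_search(&then, then.uid, then.gid)
         | (snap_allows_search(&now, then.uid, then.gid) << 1);
}

int main(void)
{
    int r = demo_stale_snapshot();
    if (r < 0) return 1;
    printf("snapshot: %d, query time: %d\n", r & 1, (r >> 1) & 1);
    return 0;
}
```

The stored snapshot still answers "searchable" after the directory has been locked down, so a client that trusted it would list names the owner has since hidden.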