From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Fri, 18 Sep 2020 14:33:12 +0300 From: "Dmitry V. Levin" To: Arseny Maslennikov Message-ID: <20200918113311.GD29951@altlinux.org> References: <9bca7626b593f896de4283cba2d6290ec99eb4f2.1576183643.git.legion@altlinux.org> <20200917131236.GK286846@cello> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200917131236.GK286846@cello> Cc: devel@lists.altlinux.org, Alex Gladkov Subject: Re: [devel] [PATCH hasher-priv v1 1/3] Makefile X-BeenThere: devel@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux Team development discussions List-Id: ALT Linux Team development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Sep 2020 11:33:12 -0000 Archived-At: List-Archive: List-Post: On Thu, Sep 17, 2020 at 04:12:36PM +0300, Arseny Maslennikov wrote: > On Fri, Dec 13, 2019 at 12:42:03PM +0100, Alex Gladkov wrote: [...] > > @@ -21,6 +21,7 @@ man5dir = $(mandir)/man5 > > man8dir = $(mandir)/man8 > > configdir = $(sysconfdir)/$(PROJECT) > > helperdir = $(libexecdir)/$(PROJECT) > > +socketdir = /var/run > > Why /var/run and not /run, especially in a new project? It's the same thing nowadays, isn't it? > Even further, I would suggest that we store the socket in > /run/hasher-priv or something, setgid hashman, with 0710 rights. The > major service managers can create the directory on startup for us: > there's mkdir(1), there's RuntimeDirectory= and RuntimeDirectoryMode=. I distinctly remember we discussed this the last autumn or winter. Yes, unix domain socket access restrictions should be implemented using directory permissions. -- ldv