Bug 11291 - msec security warning for system user davfs2
Status: REOPENED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: x86_64 Linux
Priority: Normal, severity normal
Target Milestone: ---
Assignee: Mageia tools maintainers
Whiteboard: MGA5TOO
Duplicates: 13953
Reported: 2013-09-26 12:21 CEST by Richard Gee
Modified: 2016-10-21 03:41 CEST
Source RPM: msec-0.80.10-13.mga3.src.rpm

Description Richard Gee 2013-09-26 12:21:30 CEST
Description of problem:
Msec reports the following security warning:

Security Warning: these home directory should not be owned by someone else or writable :
user=davfs2(490) : home directory is group writable.

Version-Release number of selected component (if applicable):
msec: 0.80.10


How reproducible:
After msec has run, view detailed msec daily log (/var/log/security/mail.daily.today)

Victor Beffers 2013-10-18 11:19:03 CEST

CC: (none) => vbeffers

Comment 1 Marja Van Waes 2015-03-31 16:02:39 CEST
Mageia 3 changed to end-of-life (EOL) status 4 months ago.
http://blog.mageia.org/en/2014/11/26/lets-say-goodbye-to-mageia-3/ 

Mageia 3 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of Mageia,
please feel free to click on "Version", change it against that version of Mageia,
and reopen this bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

--
The Mageia Bugsquad

Status: NEW => RESOLVED
Resolution: (none) => OLD

Comment 2 Big YellowHats 2015-11-02 01:25:57 CET
Fresh install from Mageia-5-LiveDVD-KDE4-x86_64-DVD.iso ...confusion persists.

msec version:  1.13-1.1.mga5

Status: RESOLVED => REOPENED
CC: (none) => inetcustomer-mageia
Component: RPM Packages => Security
Version: 3 => 5
Resolution: OLD => (none)

David Walser 2015-11-11 16:31:03 CET

Component: Security => RPM Packages

Comment 3 Remco Rijnders 2016-03-31 08:47:19 CEST
@Big YellowHats, @Richard Gee, do either of you make active use of this package (davfs2) on your machine?

CC: (none) => remco

Comment 4 Big YellowHats 2016-03-31 10:32:49 CEST
(In reply to Remco Rijnders from comment #3)
> @Big YellowHats, @Richard Gee, do either of you make active use of this
> package (davfs2) on your machine?

AFAIK it was a dependency only. Currently that dependency no longer exists so I have removed the package.

Comment 5 Remco Rijnders 2016-03-31 11:41:14 CEST
(In reply to Big YellowHats from comment #4)
> AFAIK it was a dependency only.  Currently that dependency no longer exists
> so I have removed the package.

Thanks! I think this can easily be fixed, but would like to have an active user of the package confirm it doesn't break anything.

Samuel Verschelde 2016-10-15 23:40:49 CEST

Assignee: bugsquad => mageiatools

Comment 6 Marja Van Waes 2016-10-20 22:25:28 CEST
*** Bug 13953 has been marked as a duplicate of this bug. ***

CC: (none) => andresalaun

Comment 7 Marja Van Waes 2016-10-20 23:29:34 CEST
@ shlomi

Since you're the registered maintainer of davfs2:

/run/mount.davfs2/ is indeed group writeable (I can't find anything else that could be the mentioned home directory). 

[root@cldrn_64 /]# ls -al /run/ | grep davfs2
drwxrwxr-t  2 root    davfs2    40 okt 20 14:33 mount.davfs2/
[root@cldrn_64 /]#

However, that's needed because you need to add yourself to the davfs2 group to get it to work. I do not know why root owns the directory.

<btw>
My webdav mountpoint is in my home directory, with me as owner + group. 
I do also use Dolphin to access a remote webdav share, but this warning already existed before I started using Dolphin for webdav access.
</btw>

Is it OK to change this report into a request to suppress that warning, or should it first be tried whether having davfs *own* /run/mount.davfs2/ would already be enough to get rid of it?

If the latter, do you then mind assigning this report to yourself?

Cheers,
Marja

CC: (none) => marja11, shlomif
Version: 5 => Cauldron
Whiteboard: (none) => MGA5TOO
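
An added example, not msec's own code and not part of the original report, of a check that flags a home directory owned by another uid or writable by group or world, and notes when the sticky bit is set as on the `drwxrwxr-t` directory in comment 7. The account names, the temporary paths and the message wording (modelled on the warning quoted in the description) are constructed for the demo.

```python
import os
import stat
import tempfile


def audit_home(user, uid, home):
    """Return findings for one account; an empty list means the home is clean."""
    try:
        st = os.stat(home)
    except OSError:
        return []  # missing or unreadable home directory: nothing to inspect
    tag = f"user={user}({uid}) : home directory"
    findings = []
    if st.st_uid != uid:
        findings.append(f"{tag} is owned by uid {st.st_uid}.")
    if st.st_mode & stat.S_IWGRP:
        # Sticky bit: group members can still create entries, but may only
        # delete or rename their own. Write access itself is unchanged.
        sticky = " (sticky bit set)" if st.st_mode & stat.S_ISVTX else ""
        findings.append(f"{tag} is group writable{sticky}.")
    if st.st_mode & stat.S_IWOTH:
        findings.append(f"{tag} is world writable.")
    return findings


def audit_passwd(passwd_text):
    """Audit every well-formed name:pw:uid:gid:gecos:home:shell line."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip comments and malformed entries
        findings += audit_home(fields[0], int(fields[2]), fields[5])
    return findings


def demo():
    """Constructed input: one 1775 (drwxrwxr-t) home and one 0755 home."""
    with tempfile.TemporaryDirectory() as tmp:
        shared, private = os.path.join(tmp, "shared"), os.path.join(tmp, "private")
        for path, mode in ((shared, 0o1775), (private, 0o755)):
            os.mkdir(path)
            os.chmod(path, mode)
        me = os.getuid()  # both directories are owned by the running user
        passwd = (f"svcdemo:x:{me}:{me}:constructed:{shared}:/sbin/nologin\n"
                  f"userdemo:x:{me}:{me}:constructed:{private}:/bin/bash\n")
        return audit_passwd(passwd)


if __name__ == "__main__":
    print("\n".join(demo()))
```

Only the 1775 directory is reported; the owner check stays silent here because the constructed entries use the uid that created the directories.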

Big YellowHats 2016-10-21 03:41:12 CEST

CC: inetcustomer-mageia => (none)

