>Number:         15461
>Category:       install
>Synopsis:       /var/spool/lock has inconvenient permissions
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    install-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sat Feb 02 04:46:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Ingolf Steinbach
>Release:        NetBSD 1.5.3_ALPHA
>Organization:
none
>Environment:
System: NetBSD helios 1.5.3_ALPHA NetBSD 1.5.3_ALPHA (HELIOS) #0: Sat Jan 26 19:29:23 CET 2002 ingolf@helios:/usr/obj/sys/arch/i386/compile/HELIOS i386
Architecture: i386
Machine: i386
>Description:
	The /var/spool/lock directory is installed with write permissions
	for user uucp only (mode 0755, owner uucp:daemon). As there are not
	only uucp related directories in /var/spool, other daemons (e.g. a
	news or ftp daemon) should be able to acquire locks in this
	directory, too.

	Better permissions would be mode 0775 and maybe owner daemon:daemon.
>How-To-Repeat:
	Try to acquire a lock in /var/spool/lock as user news.
>Fix:
	Apply the following patch
Index: etc/mtree/NetBSD.dist
===================================================================
RCS file: /cvsroot/basesrc/etc/mtree/NetBSD.dist,v
retrieving revision 1.110.2.10
diff -u -r1.110.2.10 NetBSD.dist
--- NetBSD.dist	2001/05/09 22:29:46	1.110.2.10
+++ NetBSD.dist	2002/02/02 12:43:26
@@ -2218,7 +2218,7 @@
 ..
 
 # ./var/spool/lock
-lock		uname=uucp gname=daemon
+lock		uname=daemon gname=daemon mode=0775
 # ./var/spool/lock
 ..
 
>Release-Note:
>Audit-Trail:
>Unformatted: