Recently I created an encrypted filesystem (crypto_LUKS) that serves as $HOME for just one particular user (i.e. I mount it as /home/pduck). I also added an appropriate entry in /etc/security/pam_mount.conf.xml so that the partition gets automatically decrypted and mounted when the user logs in (and unmounted when he logs off). Works great.
Because the $HOME is a filesystem on its own, the user has a lost+found directory owned by root:root in it. I know that deleting the directory is a bad idea but many commands (e.g. find) complain about having no access. That annoys me.
Out of curiosity I removed the directory and recreated it with mklost+found (without sudo). Now the directory is owned by pduck:pduck. Is that ok or is it crucial that the directory is owned by root:root?
Best Answer
Good advice comes with a rationale so that you can tell when it becomes bad advice.
The purpose of lost+found being owned by root is so that no matter whose file it was that was lost it's not suddenly exposed to everybody. However, in this case, there shouldn't be a single file in the entire filesystem* not owned by pduck; therefore there is no downside to lost+found not being owned by pduck.
*barring exotic situations like pduck su-ing to root and running an X application. But if pduck can use sudo or su then we're talking about nothing because pduck can break system security outright.
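The answer rests on every file in the filesystem belonging to pduck, which can be checked rather than assumed. The script below is an added example, not part of the original answer: it counts entries owned by anyone else and confirms lost+found is closed to group and others. The function names and the mode check are assumptions of this example; the mount point and uid come from the caller.

```shell
#!/bin/sh
# Added example. Usage (hypothetical script name), run as root so that no
# directory is skipped:  sh audit_home.sh /home/pduck "$(id -u pduck)"

# foreign_count DIR UID
# Print how many entries below DIR, on the same filesystem only, are not
# owned by UID. DIR/lost+found itself is skipped so that a root-owned one is
# not reported, but anything inside it is still counted. stderr is left
# visible on purpose: permission errors mean the walk was incomplete.
foreign_count() {
    d=${1%/}
    n=$(find "$d" -xdev ! -uid "$2" ! -path "$d/lost+found" \
            -exec printf x \; | wc -c)
    echo $((n))
}

# lostfound_private DIR
# Succeed only if DIR/lost+found is a real directory (not a symlink) with no
# group or other permission bits, so recovered files stay private.
lostfound_private() {
    lf="${1%/}/lost+found"
    [ -d "$lf" ] && [ ! -L "$lf" ] || return 1
    [ "$(ls -ld "$lf" | cut -c5-10)" = "------" ]
}

# audit_home DIR UID
# Print "ok" and return 0 when both checks pass, else print the reason.
audit_home() {
    c=$(foreign_count "$1" "$2")
    if [ "$c" -ne 0 ]; then
        echo "foreign-owned entries: $c"
        return 1
    fi
    if ! lostfound_private "$1"; then
        echo "lost+found missing or open to group/others"
        return 1
    fi
    echo ok
}

if [ $# -eq 2 ]; then
    audit_home "$1" "$2"
fi
```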