Recently I created an encrypted filesystem (crypto_LUKS) that serves as $HOME for just one particular user (i.e. I mount it as /home/pduck). I also added an appropriate entry in /etc/security/pam_mount.conf.xml so that the partition gets automatically decrypted and mounted when the user logs in (and unmounted when he logs off). Works great.
Because the $HOME is a filesystem on its own, the user has a lost+found directory owned by root:root in it. I know that deleting the directory is a bad idea but many commands (e.g. find) complain about having no access. That annoys me.
Out of curiosity I removed the directory and recreated it with mklost+found (without sudo). Now the directory is owned by pduck:pduck. Is that ok or is it crucial that the directory is owned by root:root?
Best Answer
Good advice comes with a rationale so that you can tell when it becomes bad advice.
The purpose of
lost+foundbeing owned by root is so that no matter whose file it was that was lost it's not suddenly exposed to everybody. However, in this case, there shouldn't be a single file in the entire filesystem* not owned by pduck; therefore there is no downside tolost+foundnot being owned by pduck.*barring exotic situations like pduck
suing to root and running an X application. But if pduck can usesudoorsuthan we're talking about nothing because pduck can break system security outright.