12

The locate command is very useful tool on Linux, but it seems only root can run updatedb command which is very unconvinent to use it. So how to make ordinary user to have the priviledge to run updatedb command?

updatedb is the command use to update the db used by locate command.

But there is the following error message when try to run updatedb as ordinary user:

[mirror@home code]$ updatedb
updatedb: can not open a temporary file for `/var/lib/mlocate/mlocate.db'

Or:

updatedb -o db
updatedb: can not change group of file `/var/lib/gforge/chroot/home/users/bigmeow/tmp/db.uhEZFQ': Operation not permitted
kenorb
  • 24,736
  • 27
  • 129
  • 199
hugemeow
  • 2,249
  • 7
  • 29
  • 38

3 Answers3

20

Edit the command to:

updatedb --require-visibility 0 -o ~/.locate.db

from "updatedb (8)":

-l, --require-visibility FLAG

Set the 'require file visibility before reporting it' flag in the generated database to FLAG.

If FLAG is 0 or no, or if the database file is readable by "others" or it is not owned by slocate, locate(1) outputs the database entries even if the user running locate(1) could not have read the directory necessary to find out the file described by the database entry.

If FLAG is 1 or yes (the default), locate(1) checks the permissions of parent directories of each entry before reporting it to the invoking user. To make the file existence truly hidden from other users, the database group is set to slocate and the database permissions prohibit reading the database by users using other means than locate(1), which is set-gid slocate.

Note that the visibility flag is checked only if the database is owned by slocate and it is not readable by "others".

Andrea
  • 1,516
  • 4
  • 17
  • 19
user292632
  • 301
  • 2
  • 2
  • you explain what the `--require-visibility` flag is... but maybe you could explain a little bit about why? like why not just do what @xaizek is doing and generate the database in a location your user has permission without using the `--require-visibility` flag? – Trevor Boyd Smith Nov 29 '18 at 15:28
  • later on in the man page there is an answer to my question: `SECURITY Databases built with --require-visibility no [tbs: or 0] allow users to find names of files and directories of other users, which they would not otherwise be able to do.` – Trevor Boyd Smith Nov 29 '18 at 15:39
4

Here are all the steps to have a complete solution (tested in Centos 6.5)

1) generate the db:

updatedb --require-visibility 0 -o ~/.locate.db

2) use the db:

locate --database=/full/path/to/.locate.db (does not work with ~)
or
locate --database=.locate.db

3) create an alias:

alias mylocate='locate --database=/full/path/to/.locate.db'

4) use your locale locate db:

mylocate <my pattern>
Yann Sagon
  • 159
  • 1
  • 1
    use `$HOME` instead of `~`, or just get rid of the `=`. both of the following will work: `locate --database ~/.locate.db` or `locate --database=$HOME/.locate.db`. see this thread: https://stackoverflow.com/questions/11587343/difference-between-home-and-tilde – ardnew Jul 18 '17 at 16:19
3

You can just create database in home with -o argument of updatedb:

updatedb -o ~/.locate.db

And use it with slocate like this:

slocate --database=~/.locate.db <pattern>

You probably want to define an alias for slocate --database=~/.locate.db.

xaizek
  • 1,151
  • 9
  • 18
  • 1
    in fact even with -o option, i failed, why? updatedb -o dbdb updatedb: can not change group of file `/home/mirror/tmp/dbdb.zwHn1W': Operation not permitted – hugemeow Sep 19 '12 at 15:06
  • 1
    @hugemeow not sure why it happens. Maybe /mirror/tmp was mounted with non-standard options, which forbid updatedb to change group. Though it createsd database file with `xaizek:users` owner:group pair for me, so group is the default one. You can also check options in `/etc/updatedb.conf` file. – xaizek Sep 19 '12 at 19:26
  • do i have to use slocate rather than locate? cannot find slocate on centos... – hugemeow Oct 14 '12 at 02:12
  • 1
    @hugemeow `slocate` is a more secure version of old `locate`. I think centos should have `slocate` installed with name `locate`. Anyway, there should be no differences in your case, and basically in most possible cases (on Slackware `locate` is just a symbolic link to `slocate`). – xaizek Oct 14 '12 at 08:40
  • somebody told me mlocate is better than slocate:( btw, why i cannot find source code of slocate, i wanna build it from source... – hugemeow Oct 14 '12 at 14:20
  • 1
    @hugemeow It's written that `mlocate` should be faster, but still compatible with `slocate`. I'm not sure if it's the reason. If you wan't to try `slocate`, which site isn't working, download sources from one of Slackware mirrors, they include sources of the packages: [see here](http://mirror.aarnet.edu.au/pub/slackware/slackware-current/source/a/slocate/). – xaizek Oct 14 '12 at 18:55
  • why command `updatedb -o db` not works? – hugemeow Oct 15 '12 at 09:26
  • seem edit1, why `updatedb -o db` failed after running for about two minutes? – hugemeow Oct 15 '12 at 09:34
  • @hugemeow Maybe it's easier to ask system administrator to add you to `slocate` (or `mlocate`) group? Even if group can't be changed, the file is there, so you should be able to use it (`updatedb` probably didn't remove, did it?). – xaizek Oct 15 '12 at 13:37