Permissions for shared libraries in Kerberos

Benjamin Kaduk kaduk at
Thu Nov 26 14:06:26 EST 2020

On Wed, Nov 18, 2020 at 03:04:27PM -0500, Greg Hudson wrote:
> On 11/18/20 11:31 AM, Ken Hornstein wrote:
> > I'm wondering if Kerberos should simply default to installing shared
> > libraries as mode 755/555 everywhere, unless there is a reason to do
> > otherwise.
> I think that would be reasonable.  As Russ noted, system policies differ
> on this point, but toolchains (including libtool) seem to tend in the
> direction of setting the executable bit, and the system policies are
> decided at the packaging level.
> The way our build system has this set up is per-platform; it's currently
> +x on HPUX (if building on HPUX even still works) and -x everywhere
> else.  So we could make the change globally, or just for Linux platforms.

They end up shared on FreeBSD (via packaging) as well, though I'm not the
package maintainer for that one and didn't fully track down exactly where
that happens.  (The default INSTALL_LIB specifies a file mode to use, but
it was not entirely clear to me that we actually honor INSTALL_LIB just
from a `git grep`.)


More information about the krbdev mailing list