I get the following message emailed to root on a Gentoo/FreeBSD system running vixie-cron: >>> WARNING >>> Executing updatedb as root. This WILL reveal all filenames >>> on your machine to all login users, which is a security risk. This seems like something that should be avoided as default behavior. The offending job is /etc/cron.daily/locate.updatedb, which runs /usr/libexec/locate.updatedb, which outputs the error message when run as root. Perhaps an updatedb user could be added to run this file as its shell, and the cron could run "su updatedb" Reproducible: Always
Replacing the cron crommand with "echo /usr/libexec/locate.updatedb | nice -n 5 su -fm nobody" would work for you?
I tried, and it gave me /usr/libexec/locate.updatedb: cannot create /var/db/locate.database: Permission denied
Please touch the file and make it owned by nobody ~ # touch /var/db/locate.database ~ # chwon nobody:nobody /var/db/locate.database
Works for me now.
+ 05 Jan 2014; Naohiro Aota <naota@gentoo.org> files/locate-updatedb-cron, + freebsd-ubin-9.1-r2.ebuild, freebsd-ubin-9.2.ebuild: + Run updatedb with nobody; Generate locate database beforehand. #472468
