Hi Franklin-- Thanks for the quick response!
On Sat 2008-10-25 05:25:07 -0400, Franklin PIAT wrote:
> My primary implementation idea was to make the folders owned by the
> group staff (like /usr/local). Would that fit your need ?
I'd rather not do that; membership in group staff is a huge privilege
(because you can rewrite /usr/local, as you say, which means members
could place a trojan in /usr/local/bin/ls, for example). So
membership in that group is not something that is easily granted.
> I wonder why you defined DI_NETBOOT_ASSISTANT_CONFIG. Do you need to
> be able to use multiple configuration dir ? or would it be fine to
> use ~/.di-netboot-assistant.conf (then fall back to /etc/... )
Ah, this makes more sense than what i did. As long as a user-supplied
config file is possible (so DL_CACHE, STATUS_LIB and CONFIG_DIR can be
overridden), the tool can be run cleanly as a non-privileged user. It
should probably fail cleanly if the user is unable to write to
DL_CACHE or STATUS_LIB, though.
Would you like me to submit a new patch that works this way?
Regards,
--dkg
pgpGyLTmKUlBh.pgp
Description: PGP signature
