-- http://wiki.hackcoop.com.ar
-------------------- Start of forwarded message -------------------- Date: Tue, 03 Feb 2015 14:27:14 +0200 From: Evangelos Foutras <[email protected]> To: Public mailing list for Arch Linux development <[email protected]> Subject: Re: [arch-dev-public] user/group management in packages On 03/02/15 13:46, Allan McRae wrote: > Hi all, > > While looking into how best handle those directory permission warnings > with pacman-4.2, I have noticed a couple of things about user/group > management in our packages. > > 1) We should not remove users/groups when packages are uninstalled. This > is a potential security issue if any files are left owned by the > non-existent user/group. > > 2) Most packages that chown files in the install file could do it use > the user/group number in the PKGBUILD. This works on any package with a > reserved user/group ID. The advantage of doing this is that pacman can > track the permissions. (A solution is being worked on for dynamically > created user/groups whose id number can vary.) > > Should I create a rebuild list? I'd say yes and I agree on both points. This is also a perfect opportunity to mention systemd-sysusers(8) which, along with sysusers.d(5) entries, can greatly simplify the creation of system users. For an example, check out the openldap package: https://projects.archlinux.org/svntogit/packages.git/tree/trunk/slapd.sysusers?h=packages/openldap https://projects.archlinux.org/svntogit/packages.git/tree/trunk/openldap.install?h=packages/openldap -------------------- End of forwarded message --------------------
signature.asc
Description: PGP signature
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
