Hi,
>> Once you authorize someone to use sudo, he _is_root for all intents >> and purposes, you realize that right ? > > In general that's not true, you can just allow some specific > commands via sudo. True, but "allow specific commands" is _really_ hard if you don't understand _everything_ about those commands and what they can do. > Assuming the install operation requires a fixed set of commands, > you could > - make a script 'install_oot' doing exactly what is required, Unless you want to target _one_ specific OOT, that's going to be hard ... unless you authorize the 'install' binary used in the 'make install' step, but at that point you've essentially allowed root access since the user can now replace arbitrary file on the system with arbitrary permission, giving them root. And some OOT install things like udev rules ... which are run as root, at which point you've again given root to all users. The ways to get this wrong are nearly endless here ... Even if you somehow managed to avoid all those traps, the users would still be able to install executable code in shared / system wide directories of GR. At this point other users could me made to execute arbitrary code by just running any GR app and if the admin normal user is one of those users actually using GR, you've again given root ... (or at the very least, given each user the ability to do anything as any other user). All in all, it's a terrible idea and it's better to have users be able to install OOT in a private dir and instruct GR to go look there. Cheers, Sylvain _______________________________________________ Discuss-gnuradio mailing list [email protected] https://lists.gnu.org/mailman/listinfo/discuss-gnuradio
