On Monday September 15 2008 03:17:04 am Jan Dvorak wrote:
> > The more_control_and_pkg_man.txt hint system is tedious, but it
> > identifies every problem with filesystem permissions and packages, for
> > us. It's a big helper.
>
> Nope, it's totally overkill. You never ever run a program under a package
> user. The only reason for them is to install files safely, which can be
> done without polluting your passwd and group files and making all *nix
> people around scream with horror after looking at `ls -l` output.

An alternative would be two users, an owner (user-1) of most of the filesystem (/usr, /lib, /bin), and a build user (user-2). The two users are in the same group. user-2 has write permission on /usr, and can install there, but can't overwrite user-1's files. After an install, the new files have their ownership changed from user-2 to user-1, and group-write removed.

This keeps packages from overwriting each other, an installed-files list can be made for each package before (or during) ownership change, and it only involves two users. The installed-files list is useful if you want to reinstall, or upgrade, a package, so the file ownerships can be flipped back to user-2. Without this file list, it would be a nightmare to reinstall a package.

After the base system is installed, /lib, /bin, and /sbin can have their group write removed, so user-2 can't install there anymore. This can be helpful with packages that are not in the blfs book, and which install in strange places. /lib/modules could remain group writable.

Disk devices, in /dev/, might also benefit by being owned by non-root.

robert
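
The post-install ownership flip and per-package file list described in the message above, sketched as an added example that is not part of the original message or of any LFS hint. The function names `handoff` and `reclaim`, their arguments and the one-path-per-line manifest format are assumptions; both functions are meant to be run by an account allowed to change file ownership.

```shell
#!/bin/sh
# Added illustration; function names, arguments and manifest format are assumptions.

# handoff PREFIX BUILD_USER OWNER MANIFEST
# Run after "make install": list what BUILD_USER installed under PREFIX,
# then give it to OWNER and remove group write.
handoff() {
    prefix=$1; build=$2; owner=$3; manifest=$4
    nl='
'
    # The manifest is one path per line, so refuse names containing a newline.
    if [ -n "$(find "$prefix" -xdev -user "$build" -path "*${nl}*" -print)" ]; then
        echo "handoff: path with embedded newline under $prefix" >&2
        return 1
    fi
    # Write the list before changing anything; it is what makes a reinstall possible.
    find "$prefix" -xdev -user "$build" -print | LC_ALL=C sort > "$manifest" || return 1
    while IFS= read -r path; do
        # -h changes a symlink itself, not whatever it points to.
        chown -h "$owner" "$path" || return 1
        # chmod follows symlinks, so skip them.
        [ -L "$path" ] || chmod g-w "$path" || return 1
    done < "$manifest"
}

# reclaim MANIFEST BUILD_USER
# Run before reinstalling or upgrading: flip the listed paths back to BUILD_USER.
reclaim() {
    manifest=$1; build=$2
    while IFS= read -r path; do
        # Skip entries that no longer exist (a dangling symlink still counts).
        [ -e "$path" ] || [ -L "$path" ] || continue
        chown -h "$build" "$path" || return 1
    done < "$manifest"
}
```

On Linux, chown clears the setuid and setgid bits of regular files, so a package that needs them has to have them reapplied after `handoff`.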
--
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page