On Sat, Apr 08, 2000 at 12:48 +0200, Eivind Eklund wrote:
> On Mon, Apr 03, 2000 at 07:13:44PM +0200, Gerhard Sittig wrote:
>
> [ ... cvs refuses to act on root's behalf ... ]
> > There's something wrong in your enterprise. Go and read some
> > basic doc about how to deal with priviledges! And don't tell
> > your other team members to ask the same question, please :>
>
> There is something wrong in your mind. Go and think some basic
> thoughts about there being *varying external factors* in the
> world! And do tell your other team members to do the same,
> please :>
I still see sense (and need!) in restricting oneself -- it's
usually done for your own sake. Otherwise we could as well do
*everything* as root (just as the originating message suggested
as being the normal state) and run every peace of software in
ring0. So let's go out and install DOS and W95 everywhere since
anything else is too complicated and overdone. Or was it the
other way around? Let's run UNIX and use it as root all day long
since the software isn't clueless and surely will do no real
harm?
I know this is somewhat sarcastic, but I hope it shows what I'm
afraid of to be driven to when following this argument. And BTW:
The "don't tell the others to ask, too" was meant for the fact
that there were two questions this day from the very same company
with the exact same "problem". I had even better said "tell the
others not to ask, too", I guess.
> Seriously: There are cases where using CVS as root makes very good
> sense. For instance, at my employer, there are basically four roles
> we have for machines where it might be relevant to run CVS:
> 1. Workstation for a developer
> 2. Development test box for one of our own systems
> 3. Production box for one of our own systems
> 4. Development test box for the OSen we run
What you explain below in further detail about the reasons all
sounds to me to be along the same line: "I don't care" and "I
know what I do". I don't doubt your reputation in technical
terms and I'm sure you know UNIX better than me :) but I don't
want to hear complaints afterward from the ones saying before "I
*want* to shoot my foot and please don't try to stop me from
doing so".
> Our own systems generally take over the box, and run as a
> myriad of user ids at the same time (to manage privilege
> properly).
>
> For role 1, it makes sense to run CVS exclusively as a user.
>
> For role 2, it doesn't matter if the box is trashed, most
> commands must be run as root anyway, and the convenience of
> running with just a root account outweights any percieved
> security gain. Box restoration is reasonably fast.
Did I get it right? You do development on a local repo on a
machine you don't care to trash and restore? This would sound
hazardous to me. Development is hard enough to be done for a
trash can :)
> For role 3, just about everything done needs to be done as
> root; we occasionally do a minor bugfix on a production box and
> commit it from there (extremely constrained by the type of bug,
> of course.) Having to change to another user account and
> chaning file ownerships just to do this is just an extra hassle
> and an extra risk.
>
> For role 4, the boxes are also generally trashable (it takes less than
> one minute of human time and less than 8 minutes of machine time to
> restore a trashed box), and working as root when you are doing kernel
> hacking is much more convenient (especially when you get into a
> test/boot cycle.)
You do a local fix as root -- OK (for a very well protected or
isolated environment). But then you contact a remote repo as
root? Did I miss a point when assuming cvs doesn't complain
about the frontend user being root but about the repo operation
(the server side action) is about to be done with root
priviledges? In the first case I'm just plain wrong and didn't
understand cvs in this respect. But for the latter: does this
mean you operate a repo service with unnecessarily high
priviledge? Aren't there means to invoke cvs (the command)
locally as root and despite do the repo operation as an ordinary
user? From what I got in the previous thread, they are. And I
suppose you do trust the feedback channel from the fixed machine
to the dev repo.
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" [EMAIL PROTECTED]
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
