On May 12, 2008, at 5:51 PM, Andrew Lentvorski wrote:
3) Root to install. If software requires root for no good reason,
it goes into the trash.
The only things that _need_ to be root to be installed tend to fall
into the following categories, in my experience:
• The install process _really_ wants to chown/chgrp/chmod everything
it's installing to some value that may or may not be necessary. For
some things, like network services which you are trying to keep
relatively self-contained for security reasons, can legitimately say
they require this, and generally only root can create a new "service"
user/group and chown the installed files.
This seems marginally okay to me, and I get supremely annoyed when it
doesn't really need to do that. Things I'll excuse for that behavior
are things like Postfix, which try very hard to keep to themselves
once installed and running. In theory, you can install postfix as
your own user account if you really want to, and it should work just
fine (aside from being able to open ports 25, 465 and 587 without root
capability). It's a grey area for me.
• You're installing something that needs to start as root in order to
claim a low port, but then drops privileges to a non-root user.
In today's computing environment, This just seems outrageously stupid
to me. It's not like being root is some magical, bureaucratically-
approved status. Any idiot can have root on a machine thanks to
Linux, *BSD, Mac OS X, etc. There's just nothing special about low
ports anymore, if you ask me, so it seems kind of silly to still
require that a process be owned by root in order to snag a listening
port < 1024. This should be fixable with relative ease (Linux, *BSD),
but I've never looked into it.
• You're installing something in a part of the filesystem hierarchy
where you, as a normal user, do not have sufficient write access to
copy the necessary files.
I'm not sure I see a way around this one, but if an installer assumes
that this is the case without testing first, I get really annoyed.
Better to just fail with a "You can't write to /path/to/foo, so I
can't install BarMatic for you there" message, IMHO.
• You're installing third-party kernel extensions
This one really seems like the only one that should legitimately
demand to be root to do. It's something that affects the core of the
system, with great potential for screwing up badly.
Gregory
--
Gregory K. Ruiz-Ade <[EMAIL PROTECTED]>
OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu
--
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
