Re: (r_usr,r_grp) => (with_user,with_group) ?

Wed, 17 Aug 2005 11:46:08 -0700 

On Wed, Aug 17, 2005, Ralf S. Engelschall wrote:
>On Wed, Aug 17, 2005, Matthias Kurz wrote:
>
>> Shouldn't all packages that use r_usr and/or r_grp get an option to
>> specify a "real" user/group ? Else, when someone gains access to one
>> package that uses r_usr/r_grp, he would also have access to files from
>> other packages. Also, this may support people who are "used" to use
>> special (common) users for such cases.
>
>We have those with_{user,group} options just in "amanda", "bacula"
>and one more package I cannot remember. And to be honest, the whole
>with_{user,group} I just accepted in those few packages because people
>wished it multiple times and I got tired of arguing and thought "well,
>it doesn't really hurt in those few packages, so ok".
>
...
>If we really come to the conclusion that those options are absolutely
>necessary, then we should at least think about orthogonality and
>completeness and instead of adding with_{user,group} options to each
>package we should use a more general RPM mechanism overwrite all those
>variables (--define "l_usr xxx") plus add the possibility to make them
>sticky throughout upgrades.

I agree.

The only package that I've had to fiddle user/group names is uucp, and that
because the underlying OS ties these into dialup getty.  One of these days,
I'll get hylafax packaged, and it's going to require the same things for
faxgetty to work properly.

If there's a pressing reason for someone to use non-standard ownership,
they're free to modify the spec file and rebuild for their local use.  This
is a bit of a PITA for the local user since they then have to keep track of
these changes as updates come out, but that's their problem.

Security on database related applications can easily be handled using the
underlying database's security model without any changed required for
OpenPKG packages.

Bill
--
INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
UUCP:               camco!bill  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

The ultimate result of shielding men from the effects of folly is to fill
the world with fools. -- Herbert Spencer (1891)
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
Developer Communication List                   openpkg-dev@openpkg.org

Reply via email to