>>> On Saturday, 19. August 2006 at 10:56 am, Ralf S. Engelschall<[EMAIL >>> PROTECTED]> wrote: > One last word: the stuff is controlled by a > <prefix>/etc/openpkg/managers file. Usually this shouldn't be changed. > But with great care one _can_ add a regular user to this configuration > file and this way allow him to also manage the OpenPKG instance. One > just has to keep in mind that this way one makes the regular user > security wise equal to the super and management users. > I want to point out that it is possible to remove either m_usr or root or both of them from the managers file thus removing the privilege fiddling from them, and restore behavior as it was before the new feature or like passing the --keep-privilege option.
Later (yet unpublished) openpkg-20060822 version checks the owner and permissions of the managers file and ignores improper configurations. This also ensures sane, compatible and predictable operations for special cases like - personal (non-root) instances - instances installed on non-SUID-able filesystems - openpkg package upgraded as non-root Administrators and developers can gain run-time insight to the new logic passing a new --debug option to "openpkg". I spent a lot of time with testing the patch on various platforms and all my tests completed successfully with expected results. Testing on large number of platforms: = ix86-freebsd6.1, ia64-freebsd6.1, ix86-freebsd4.11, ix86-netbsd3.0 ix86-solaris9, ix86-solaris10 sparc64-solaris8, sparc64-solaris9, sparc64-solaris10 ix86-debian3.1, ix86-rhel4, ix86-suse9, ix86-suse10.1 - build from source and install as root using vanilla obmtool - checking ownership and perms of managers file and openpkg command - as musr, register with token and run "openpkg build sudo" Testing on reduced number of platforms: = ix86-freebsd6.1, ix86-solaris10, ix86-debian3.1 - installing a personal instance on NFS - build, install, use vim and erase vim and openpkg - testing with musr disabled - testing with root disabled Testing on single platform only: = ix86-rhel4 - upgrading OpenPKG 2.5 with rebuild as musr and install as musr - upgrading OpenPKG 2.5 with rebuild as musr and install as root = ix86-suse9 - testing with illegal ownership of managers file = sparc64-solaris10 - building and installing openssh - starting, status inquiry and stopping ssh daemon My ideas and lab resources are exhausted and I qualify the 20060822 patch being ready to be committed to CURRENT. I'll then continue with field testing in appropriate environments and other's can do so, too. -- Thomas Lotterer <[EMAIL PROTECTED]>, Vice President and Director Engineering & Production, OpenPKG Foundation e.V. ______________________________________________________________________ The OpenPKG Project www.openpkg.org Developer Communication List openpkg-dev@openpkg.org
