Thanks for the info Ralf. I'm still unclear why the restricted and non-privileged even exist, but I think I'll go with classical variant 2 below for now, and grep for their use later.
Thanks again. Dennis -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ralf S. Engelschall Sent: Thursday, September 25, 2003 5:09 AM To: [EMAIL PROTECTED] Subject: Re: What is the purpose of the various user types On Wed, Sep 24, 2003, Dennis McRitchie wrote: > I've read all the docs and may have missed this, but while the way to > specify the various user types is quite clear, the purpose of the 4 user > types is not (at least to me). > > 1) I understand what a management user is, and presumably the user and group > names of the repository being created will match this user. Is there any > other action or property that is related to the management user? No, it mainly corresponds to the "bin" user/group of typical Unix platforms. But it also is the user/group under which you usually build packages. > 2) I understand what a superuser is, but am not sure how this user/group > specification is used by OpenPKG, both during and after the bootstrap > process. I know you have to be root during phase 2 of the bootstrap to set > up certain activities and users/groups, but I don't have to tell the script > about that. You don't have to tell the script this because it defaults to "root". But if you're deploying private OpenPKG instances (for instance in your home) without having any root priviledges, the super-user usually becomes the same as the management user (and as a consequence some packages no longer can operate correctly, of course). To see what OpenPKG _ACTUALLY_ does with the super-user/group, you would have to grep(1) for all %{l_susr} and %{l_sgrp} macros in all spec files and rc files throughout OpenPKG. But it mainly is for assigning files to the super-user for security reasons and for assigning rc jobs to the super-user for running as it. The two classical variants of the four users are actually this: 1. if you're deploying OpenPKG as a system instance (requires super-user privileges), you usually use "--user=foo --group=foo" and get susr/sgrp=root/wheel, musr/mgrp=foo/foo, rusr/rgrp=foo-r/foo-r and nusr/ngrp=foo-n/foo-n. 2. if you're deploying OpenPKG as a private instance (requires no super-user privileges), you usually use ($U=`id -u -n`, $G=`id -g -n`) "--susr=$U --sgrp=$G --musr=$U --mgrp=$G --rusr=$U --rgrp=$G --nusr=$U --ngrp=$G". > 3) What are the actions and properties related to the restricted user? > > 4) What are the actions and properties related to the non-privileged user? If you look at http://www.openpkg.org/faq.html#uid-security you see a table and on the right side there is "Files" (user/group ownes files) and "Proc." (user/group owns processes). These distinguish different user/groups, too. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com ______________________________________________________________________ The OpenPKG Project www.openpkg.org User Communication List [EMAIL PROTECTED] ______________________________________________________________________ The OpenPKG Project www.openpkg.org User Communication List [EMAIL PROTECTED]
