On Wed, Sep 24, 2003, Dennis McRitchie wrote:
> I've read all the docs and may have missed this, but while the way to
> specify the various user types is quite clear, the purpose of the 4 user
> types is not (at least to me).
>
> 1) I understand what a management user is, and presumably the user and group
> names of the repository being created will match this user. Is there any
> other action or property that is related to the management user?
No, it mainly corresponds to the "bin" user/group of typical Unix platforms.
But it also is the user/group under which you usually build packages.
> 2) I understand what a superuser is, but am not sure how this user/group
> specification is used by OpenPKG, both during and after the bootstrap
> process. I know you have to be root during phase 2 of the bootstrap to set
> up certain activities and users/groups, but I don't have to tell the script
> about that.
You don't have to tell the script this because it defaults to "root".
But if you're deploying private OpenPKG instances (for instance in
your home) without having any root priviledges, the super-user usually
becomes the same as the management user (and as a consequence some
packages no longer can operate correctly, of course). To see what
OpenPKG _ACTUALLY_ does with the super-user/group, you would have to
grep(1) for all %{l_susr} and %{l_sgrp} macros in all spec files and
rc files throughout OpenPKG. But it mainly is for assigning files to
the super-user for security reasons and for assigning rc jobs to the
super-user for running as it.
The two classical variants of the four users are actually this:
1. if you're deploying OpenPKG as a system instance (requires
super-user privileges), you usually use "--user=foo --group=foo" and
get susr/sgrp=root/wheel, musr/mgrp=foo/foo, rusr/rgrp=foo-r/foo-r
and nusr/ngrp=foo-n/foo-n.
2. if you're deploying OpenPKG as a private instance (requires
no super-user privileges), you usually use ($U=`id -u -n`, $G=`id -g
-n`) "--susr=$U --sgrp=$G --musr=$U --mgrp=$G --rusr=$U --rgrp=$G
--nusr=$U --ngrp=$G".
> 3) What are the actions and properties related to the restricted user?
>
> 4) What are the actions and properties related to the non-privileged user?
If you look at http://www.openpkg.org/faq.html#uid-security you see a
table and on the right side there is "Files" (user/group ownes files)
and "Proc." (user/group owns processes). These distinguish different
user/groups, too.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
The OpenPKG Project www.openpkg.org
User Communication List [EMAIL PROTECTED]
