On 1/22/19 3:26 AM, Daniel Golle wrote:
Hi Jo, Hi everyone, I was happy to see the addition of the INSTALL_SUID macro and now wonder if it'd make sense to use fakeroot in order to allow installing files for different users as well. For now, all files in rootfs are always owned by root:root, and sometimes this is not what we want.
The ability to easily have services running with reduced privileges would be a welcome change. While I have also written some rather ugly scripts to change ownership at first boot, such a change would allow OpenWrt to ship and packages to install in an arguably more secure configuration.
For packages, it would seem that some changes in opkg might be needed to manage the proper additions to users/groups, as well as setting ownership and access during install. Personally, it wouldn't bother me if the added users/groups were not removed if the package was removed.
Jeff _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
