root on ports

Bryan Dumm bdumm at bobby.bcpub.com
Wed Feb 14 12:08:17 PST 2001


On Thursday 15 February 2001 00:50, you wrote:
> On Tuesday 13 February 2001 20:16, Bryan Dumm wrote:
> > and if alfs ran as say user nobody then how
> > would elements like <make_install> work?
>
> In fact, suing to root only for <make_install> (and other) tags would make
> it a bit more secure and less risky. After all, only tags that can possibly
> write to disk need root access.

This is the path I started to take also...

ex.

<sudo user=root>
<sudopass>kgjdfgkdfjlgjdfkhlviu(encrypted pass)</sudopass>
<make_install>whatever</make_install>
</sudo>

This can be sent over ssl, and even the whole thing encrypted
again in the frontend, alfs_xmlrpcd.

But I don't think package designers should be adding this....
I think if you(alfs_xmlrpcd designer) got on a port, and you 
worry about root, then you should be able to take the generic 
package profile, and merge the needed <sudo> with all the 
<make_install> or other type of commands?????????

maybe <sudo> the whole profile, make it easy???

at least alfs_xmlrpcd could run as user nobody this way...

more thoughts?

Bryan





More information about the alfs-discuss mailing list