root on ports
bdumm at bobby.bcpub.com
Wed Feb 14 12:08:17 PST 2001
On Thursday 15 February 2001 00:50, you wrote:
> On Tuesday 13 February 2001 20:16, Bryan Dumm wrote:
> > and if alfs ran as say user nobody then how
> > would elements like <make_install> work?
> In fact, suing to root only for <make_install> (and other) tags would make
> it a bit more secure and less risky. After all, only tags that can possibly
> write to disk need root access.
This is the path I started to take also...
This can be sent over ssl, and even the whole thing encrypted
again in the frontend, alfs_xmlrpcd.
But I don't think package designers should be adding this....
I think if you(alfs_xmlrpcd designer) got on a port, and you
worry about root, then you should be able to take the generic
package profile, and merge the needed <sudo> with all the
<make_install> or other type of commands?????????
maybe <sudo> the whole profile, make it easy???
at least alfs_xmlrpcd could run as user nobody this way...
More information about the alfs-discuss