jan.dvorak at sitronicsts.com
Mon Sep 15 00:17:04 PDT 2008
On Saturday 13 September 2008 03:38:16 Robert Connolly wrote:
> > fcron has to run with full set anyway, or not?
> Almost always no. crond only needs to do what you need it to do. If the
> only thing in root's crontab is to run /sbin/ldconfig, then almost all
> capabilities can be removed.
That's right, but the problem is you don't know beforehand. But you can
change them while it's running, right? So I guess, it's fine.
> None of these daemons needs all the privileges of a root shell, like
> having write permission on every file.
> Everything could be installed at user 'bin'. This doesn't stop files
> from being overwritten, but it's a step in the right direction.
It solves the security problem of root being able to overwrite them, if
they are not root's and he does not have CAP_FOWNER.
> Installing as a package-installer-user, like the
> more_control_and_pkg_man hint does, makes it easy to identify all new
> files for backups or checksums (with find(1)), without any advance
> information about exactly what files will be installed.
Yeah, `find /` with the file system spread all over your hard drive. Get me
some SSDs, for even SAS disks are too slow for this.
> If you're
> creating a package, from scratch, this is the best system to use.
If you are creating a package, you just use DESTDIR, compare result with
current file system state (using a simple script that does find(1) on
like 30 files tops (with exceptions) and compares them to currently
installed files) and when you are sure nothing will break, you just
`cp -a` them in.
> The more_control_and_pkg_man.txt hint system is tedious, but it
> identifies every problem with filesystem permissions and packages, for
> us. It's a big helper.
Nope, it's total overkill. You never ever run a program under a package
user. The only reason for them is to install files safely, which can be
done without polluting your passwd and group files and making all *nix
people around scream with horror after looking at `ls -l` output.
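The DESTDIR workflow described above (stage the build, compare the staged files against the live tree, and only then `cp -a` them in), as an added example that is not code from the post, from Robert's hint, or from the HLFS project. The function names, the exclusion list in `is_excluded`, and the demo tree built by `demo` are all constructed here for illustration; it only needs a POSIX shell, find(1), cmp(1) and readlink(1).

```sh
#!/bin/sh
# Added example (not from the hlfs-dev post): compare a DESTDIR staging tree
# against the live filesystem before merging it with `cp -a`. Function names,
# the exclusion list and the demo tree are assumptions made for illustration.
set -eu

# Files many packages legitimately rewrite on install; report them as
# EXPECTED rather than CONFLICT. (Assumed list; adjust to your system.)
is_excluded() {
    case "$1" in
        /usr/share/info/dir|/usr/share/applications/mimeinfo.cache) return 0 ;;
        *) return 1 ;;
    esac
}

# stage_compare DESTDIR ROOT
# Prints one line per staged file (regular file or symlink):
#   NEW       <path>   not present under ROOT
#   SAME      <path>   present and identical (content, or link target)
#   EXPECTED  <path>   present but on the exclusion list
#   CONFLICT  <path>   present under ROOT with different content
stage_compare() {
    destdir=$1
    root=$2
    find "$destdir" \( -type f -o -type l \) -print | sort | while IFS= read -r f; do
        rel=${f#"$destdir"}
        target="$root$rel"
        if [ ! -e "$target" ] && [ ! -L "$target" ]; then
            printf 'NEW       %s\n' "$rel"
        elif is_excluded "$rel"; then
            printf 'EXPECTED  %s\n' "$rel"
        elif [ -L "$f" ] || [ -L "$target" ]; then
            # Symlinks: compare link targets, not the files they point at.
            if [ -L "$f" ] && [ -L "$target" ] &&
               [ "$(readlink "$f")" = "$(readlink "$target")" ]; then
                printf 'SAME      %s\n' "$rel"
            else
                printf 'CONFLICT  %s\n' "$rel"
            fi
        elif cmp -s "$f" "$target"; then
            printf 'SAME      %s\n' "$rel"
        else
            printf 'CONFLICT  %s\n' "$rel"
        fi
    done
}

# count_conflicts DESTDIR ROOT : number of CONFLICT lines; 0 means safe to merge.
count_conflicts() {
    stage_compare "$1" "$2" | grep -c '^CONFLICT' || true
}

# stage_merge DESTDIR ROOT : the `cp -a` step, refused while conflicts remain.
stage_merge() {
    if [ "$(count_conflicts "$1" "$2")" -eq 0 ]; then
        cp -a "$1"/. "$2"/
        return 0
    fi
    echo "refusing to merge: staged files would overwrite changed files" >&2
    return 1
}

# Constructed demo: an old 'foo' install under ROOT, a new build staged in DESTDIR.
demo() {
    tmp=$(mktemp -d)
    root=$tmp/root
    dest=$tmp/dest
    mkdir -p "$root/usr/bin" "$root/etc" "$root/usr/share/info" \
             "$dest/usr/bin" "$dest/etc" "$dest/usr/share/info" \
             "$dest/usr/share/doc/foo"
    printf 'old binary\n'     > "$root/usr/bin/foo"          # will change
    printf 'site config\n'    > "$root/etc/foo.conf"         # locally edited config
    printf 'old info dir\n'   > "$root/usr/share/info/dir"   # excluded path
    printf 'unchanged\n'      > "$root/usr/bin/foo-helper"   # identical
    printf 'new binary\n'     > "$dest/usr/bin/foo"
    printf 'default config\n' > "$dest/etc/foo.conf"
    printf 'new info dir\n'   > "$dest/usr/share/info/dir"
    printf 'unchanged\n'      > "$dest/usr/bin/foo-helper"
    printf 'docs\n'           > "$dest/usr/share/doc/foo/README"
    stage_compare "$dest" "$root"
    rm -rf "$tmp"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Running the script with `--demo` reports the two real conflicts (/etc/foo.conf and /usr/bin/foo), the unchanged helper as SAME, the info directory index as EXPECTED, and the README as NEW. The point of the EXPECTED class is exactly the "with exceptions" remark in the post: without it, every package that regenerates /usr/share/info/dir would look like an overwrite. Note that `cmp` only answers whether content differs; whether the existing file is owned by root or by `bin`, and whether the installing user could overwrite it at all, is a separate check.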
More information about the hlfs-dev