An idea on extending the "Package users" approach

Eric Herman eric at mysql.com
Wed Jan 7 01:52:31 PST 2009


Angel Tsankov wrote:
> In his hint "Package users" Matthias Benkmann recommends to name the
> primary group of a package user after the user name.  But why
> duplicate information instead of extending it?!  Couldn't we name the

I continue to find the simple "duplicate info" of user and group to very
practical.

Having given some thought to what I might want to do with the
opportunity (create sub-groups or whatever), I eventually decided that
there was nothing that was as useful and the simplicity of the same user
  and group approach.

Of course the command line duplication when installing a new package is
irritating, so if you know that's the approach you're going to use,
modify the script to only pass in the variable once.

But, probably the most interesting extension of package users that I
feel others might benefit from is an idea I had for dealing with ldconfig.

It's quite simple really. Create a special user for ldconfig, and set
the suid bit so any member of the install group can run /sbin/ldconfig
and make sure that /etc/ld.so.cache is owned by the ldconfig user.
(ldconfig is a member of the install group)

root:/# ls -l /sbin/ldconfig
-rwsr-xr-- 1 ldconfig install 866314 Aug  4 19:44 /sbin/ldconfig
root:/# ls -l /etc/ld.so.cache
-rw-r--r-- 1 ldconfig glibc 7908 Dec 20 12:46 /etc/ld.so.cache
root:/#

Oddly, because the group is recorded, we can see that glibc was the last
user to run ldconfig.

Cheers
  -Eric

-- 
Eric Herman, Software Developer
Sun MySQL www.mysql.com
Mobile: +31 62 071 9662



More information about the lfs-chat mailing list