On Fri, Jul 16, 2010 at 3:51 PM, jwbirdsong <jwbirdsong@jwbirdsong.homelinux.com> wrote:
On 07/16/2010 07:37 AM, Christian Himpel wrote:
hi,
it happens that i'm the current maintainer of the go-hg[1] package in aur.
currently the package installs in /opt/go. go has nice support for installing third-party packages (goinstall), but it's a security risk for people to goinstall these third-party libraries as root. installing the gofiles with group 'go' and setting sgid bit for all (or only affected) directories this security flaw could be avoided (or at least reduced).
so my question is: are there any rules or policies for packages, that call groupadd in the .install files?
i saw that extra/qemu-kvm adds the group kvm with gid 78, so is there somewhere a list with `available' gids?
do you have any other/better idea how to face the problem?
thank you very much in advance!
cheers, chressie
There is a list of current gid kep on the wiki http://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database Also search the arch-gen and arch-dev-public ML. There was some discussion on one of them maybe 2-3 month ago
thanks for your answers, i am going to look for the threads. meanwhile i go for ionuțs solution using groupadd --system cheers, chressie