[arch-general] Fix or not fix? install scriptlets with user handling.
Jan de Groot
jan at jgc.homeip.net
Thu May 28 05:46:49 EDT 2009
On Thu, 2009-05-28 at 11:28 +0200, RedShift wrote:
> IMNSHO .install scripts should never ever add users or groups, let
> alone remove them. Everything that would need a user for itself should
> default to "nobody". Yes, this imposes, though small, a security risk
> but any decent server admin will move that stuff to its own user.
> I've even seen packages that start and stop daemons themselves
> (shrug!), if it were up to me there would be no such things. But many
> believe that automatically adding and removing users is "OK". A
> package should install its program files, and THAT'S IT. Nothing more.
> It may be a bit a spartan way, but it's reliable (no unexpected
> surprises) and leads to an uncluttered passwd and group file.
Running everything with the nobody group means that the nobody user will
become another superuser. This is a very bad idea. With your "solution",
programs that install setuid/setgid files such as policykit become
dangerous to install.
More information about the arch-general