[arch-projects] [initscripts][PATCH 2/2] rc.d: Add check to cleanly abort rc.d script if user doesn't have root privileges

Seblu seblu at seblu.net
Sat Jun 18 11:30:24 EDT 2011


On Sat, Jun 18, 2011 at 5:34 AM, Eric Bélanger <snowmaniscool at gmail.com> wrote:
>
> Sure, checking for root privileges for all actions is the easiest and
> simplest method.  However, the status actions which currently, in most
> cases, can be done as a regular user will require root privileges from
> now on if we go this way.
Yes. We are speaking of about 23 packages where an rc.d script should be
corrected regarding status.

cd /var/abs && grep -ril '/etc/rc.d/functions' * | xargs grep --color 'status)' | wc -l

I'm ready to propose an updated version of these 23 rc.d scripts, if
there is a workload issue.

>
> I have another (better, IMO) idea: enforce root privilege for all
> actions except status.
> Pros:
> - no hardcoded list
you can see status as a list of 1 element ;)

> - regular users will still need be able to do: /etc/rc.d/foo status
>
> For the few packages that currently require root privilege for the
> status action, we can argue that they are misusing the status function
> as they don't follow the daemon prototype
> /usr/share/pacman/rc-script.proto which has:
>  status)
>    stat_busy "Checking $daemon_name status";
>    ck_status $daemon_name
>    ;;
> which doesn't need root privilege. So their current status function
> should be renamed to info, for example.
>
> This would imply simply adding the following to /etc/rc.d/functions :
>
> need_root() {
>  (( $EUID != 0 )) && printf 'You need to be root.\n' && exit 1
> }
>
> if [[ "$1" != 'status' ]]; then
>      need_root
> fi
>
Don't forget, /etc/rc.d/functions is sourced by scripts other than
rc.d scripts.
For example /var/abs/extra/ifplugd/ifplugd.action, in which $1 doesn't
have the same meaning as your code expects.

Even if your solution is a compromise, I think in the case of status
(23 pkg in the official repo), there is no need to make an exception
to do things well.

Tom / Dave / Thomas, do you have an opinion?

-- 
Sébastien Luttringer
www.seblu.net
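
The sourcing caveat raised in this message, as an added example that is not part of the original thread or of initscripts: the root check is written as a function that an rc.d script calls with its action, instead of code that runs whenever /etc/rc.d/functions is sourced. The names gate_at_source_time and need_root_for, the explicit uid arguments and the value iface0 are assumptions made for illustration.

```shell
# Added example; function names are hypothetical, not from initscripts.

# Source-time variant from the thread, wrapped in a function so its
# decision can be observed: it acts on whatever "$1" the sourcing
# script happens to have.
# Args: $1 = first positional parameter of the sourcing script, $2 = uid.
gate_at_source_time() {
    [ "$1" = status ] && return 0
    [ "$2" -eq 0 ]
}

# Explicit variant: only rc.d scripts call it, passing their action, so
# other scripts that source the file never reach the check.
# It returns 1 instead of exiting; the rc.d script decides what to do:
#     need_root_for "$1" || exit 1
# Args: $1 = action, $2 = uid (defaults to the caller's effective uid).
need_root_for() {
    _uid=${2:-$(id -u)}
    if [ "$1" != status ] && [ "$_uid" -ne 0 ]; then
        printf 'You need to be root.\n' >&2
        return 1
    fi
    return 0
}

# Constructed demo as uid 1000. "iface0" stands for a first argument
# that is not an rc.d action, as in a helper script that sources the file.
for arg in status restart iface0; do
    if gate_at_source_time "$arg" 1000; then s=passes; else s=aborts; fi
    if need_root_for "$arg" 1000 2>/dev/null; then e=allowed; else e=refused; fi
    printf '%-8s source-time gate: %s, explicit call: %s\n' "$arg" "$s" "$e"
done
```

The source-time gate aborts on iface0 even though the sourcing script never asked for an rc.d action; with the explicit form that script simply does not call need_root_for.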

