[aur-general] any rules for groupadd in .install files?

Christian Himpel chressie at googlemail.com
Fri Jul 16 09:37:25 EDT 2010


hi,

it happens that i'm the current maintainer of the go-hg[1] package in aur.

currently the package installs in /opt/go. go has nice support for
installing third-party packages (goinstall), but it's a security risk
for people to goinstall these third-party libraries as root.
installing the gofiles with group 'go' and setting sgid bit for all
(or only affected) directories this security flaw could be avoided (or
at least reduced).

so my question is: are there any rules or policies for packages, that
call groupadd in the .install files?

i saw that extra/qemu-kvm adds the group kvm with gid 78, so is there
somewhere a list with `available' gids?

do you have any other/better idea how to face the problem?

thank you very much in advance!

cheers,
chressie

[1]: http://aur.archlinux.org/packages.php?ID=33695


More information about the aur-general mailing list