[aur-general] any rules for groupadd in .install files?
jwbirdsong at jwbirdsong.homelinux.com
Fri Jul 16 09:51:01 EDT 2010
On 07/16/2010 07:37 AM, Christian Himpel wrote:
> it happens that i'm the current maintainer of the go-hg package in aur.
> currently the package installs in /opt/go. go has nice support for
> installing third-party packages (goinstall), but it's a security risk
> for people to goinstall these third-party libraries as root.
> installing the gofiles with group 'go' and setting sgid bit for all
> (or only affected) directories this security flaw could be avoided (or
> at least reduced).
> so my question is: are there any rules or policies for packages, that
> call groupadd in the .install files?
> i saw that extra/qemu-kvm adds the group kvm with gid 78, so is there
> somewhere a list with `available' gids?
> do you have any other/better idea how to face the problem?
> thank you very much in advance!
> : http://aur.archlinux.org/packages.php?ID=33695
There is a list of current gid kep on the wiki
Also search the arch-gen and arch-dev-public ML. There was some
discussion on one of them maybe 2-3 month ago
More information about the aur-general