[aur-general] any rules for groupadd in .install files?

Christian Himpel chressie at googlemail.com
Fri Jul 16 10:57:59 EDT 2010


On Fri, Jul 16, 2010 at 3:51 PM, jwbirdsong
<jwbirdsong at jwbirdsong.homelinux.com> wrote:
> On 07/16/2010 07:37 AM, Christian Himpel wrote:
>> hi,
>>
>> it happens that i'm the current maintainer of the go-hg[1] package in aur.
>>
>> currently the package installs in /opt/go. go has nice support for
>> installing third-party packages (goinstall), but it's a security risk
>> for people to goinstall these third-party libraries as root.
>> installing the gofiles with group 'go' and setting sgid bit for all
>> (or only affected) directories this security flaw could be avoided (or
>> at least reduced).
>>
>> so my question is: are there any rules or policies for packages, that
>> call groupadd in the .install files?
>>
>> i saw that extra/qemu-kvm adds the group kvm with gid 78, so is there
>> somewhere a list with `available' gids?
>>
>> do you have any other/better idea how to face the problem?
>>
>> thank you very much in advance!
>>
>> cheers,
>> chressie
>>
>> [1]: http://aur.archlinux.org/packages.php?ID=33695
>>
> There is a list of current gid kept on the wiki
> http://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database
> Also search the arch-gen and arch-dev-public ML. There was some
> discussion on one of them maybe 2-3 months ago
>

thanks for your answers, i am going to look for the threads.

meanwhile i go for ionuț's solution using groupadd --system

cheers,
chressie
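
The approach discussed in this thread (a dedicated group created with groupadd --system, plus the sgid bit on the directories), sketched as a pacman .install scriptlet. This is an added example, not part of the original thread or the go-hg package. The group name `go` and the path /opt/go come from the thread; the GO_GROUP and GO_ROOT variables, the 2775 mode and the world-writable cleanup are assumptions made for illustration.

```bash
# Added example, not the go-hg package's actual .install file.
# GO_GROUP / GO_ROOT are hypothetical overrides so the function can be
# tried on a scratch directory; a real scriptlet would hard-code them.
GO_GROUP="${GO_GROUP:-go}"
GO_ROOT="${GO_ROOT:-/opt/go}"

post_install() {
    # Create the group only if it is missing. --system lets groupadd pick
    # a free GID from the system range instead of hard-coding a number
    # that might collide with an existing entry.
    if ! getent group "$GO_GROUP" >/dev/null 2>&1; then
        groupadd --system "$GO_GROUP" || return 1
    fi

    # Hand the tree to the group; ownership stays with root.
    chgrp -R "$GO_GROUP" "$GO_ROOT" || return 1

    # setgid + group-writable on directories only: files and directories
    # created later inherit the group, so members can install third-party
    # packages without running the installer as root.
    find "$GO_ROOT" -type d -exec chmod 2775 {} + || return 1

    # Nothing in the tree should be world-writable, otherwise the group
    # boundary is meaningless.
    find "$GO_ROOT" ! -type l -perm -0002 -exec chmod o-w {} +
}

post_upgrade() {
    # Re-apply group and modes, since an upgrade replaces packaged files.
    post_install
}
```

Membership in the group is still a privilege: anyone in it can change code that other users of the tree will build against, so it should be granted deliberately.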

