Re: Package Maker ownership issues
Re: Package Maker ownership issues
- Subject: Re: Package Maker ownership issues
- From: Jakub Bednar <email@hidden>
- Date: Tue, 6 Oct 2009 12:24:09 +0200
On Oct 5, 2009, at 9:56 PM, Iceberg-Dev wrote:
On Oct 5, 2009, at 11:04 AM, Jakub Bednar wrote:
On Oct 2, 2009, at 5:14 PM, Greg Neagle wrote:
user/group info for filesystem items is _always_ stored as numeric
values.
When you create your user, specify the UID at that time as well.
Hi Greg,
I was thinking about this in the first place, but I don't
think it is a correct solution, as there is no guarantee that the
UID is not already taken on target system.
That's why I think it should be possible to specify the user/group
by names. If there is no such user or group on the system, the
installation will fail, so it is the
responsibility of the installer to create such user/group.
Actually I think there should be 3 ways of specifying ownership:
1. UID/GID number, installed software will be owned by exactly this
user/group. (good for well known users/groups: root, admin, wheel)
2. user/group name, installed software will be owned by user/group
specified by this name. (good for newly created users/groups by the
installation process)
3. no user/group specified, meaning that the files should be owned
by user/group running the installer.
You really don't even want to think about it:
- Considering that there were/are a bunch of packages being
distributed with uid/gid set to 501 (or 502), millions of users will
end up with new user accounts.
- An installer that creates users/groups during installation is
probably a potential security risk in most of the cases.
- It's not the job of the installer to second-guess the package and
payload contents.
Well ok,
You are probably right in 99% of the cases. But I'm installing a
transparent proxy that needs a unique UID in the system to take
advantage of UID matching in firewall rules. Never mind, there are
workarounds. I was just wondering why it is not supported.
Thanks a lot,
Jakub
P.S. There is a bunch of Linux/FreeBSD software that is creating new
user accounts in the system for their purposes. It is just a normal
way of doing things on Linux/FreeBSD. There is also no problem to
create an invisible user without home directory and password with the
dscl utility, so why not support it in Installers?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden