[sbopkg-discuss] Re: Package ownership

Chess Griffin chess at chessgriffin.com
Wed Feb 11 00:45:20 UTC 2009


* T2F <bkirkp at gmail.com> [2009-02-10 15:39:47]:

> 
> Can someone explain to me why sbopkg insists that the package belong
> to root:root? I keep my sandbox with the rest of my data on a server
> partition where the files are owned by bill:data & permissioned 664. I
> have an hourly cron job that sees to the proper permissions. If I
> build a package & install it immediately, I have no problems, but if I
> go back later, for example to install it on my laptop, I have to
> install from the command line. installpkg has no problems with
> ownership, why should sbopkg?
> Regards,
> Bill

Well, this was added to prevent a potential security risk since sbopkg
had the capability of being run as a root or non-root user.  However,
this restriction may be eliminated as we are currently discussing
removing the ability to run sbopkg as a non-root user and require it to
be run as root only, just like pkgtool, slackpkg, etc.  In fact, I was
going to post something here to the ML asking whether anyone really
needed the ability to use sbopkg as a non-root user.  The current
'user-mode' in sbopkg is deficient in many ways, and causes problems
such as this one you raise.

In my opinion, I think sbopkg should be just like those other tools and
require root permissions to run.  If that was the case, then I do not
believe it would need to check for ownership or permissions of packages.

In the meantime, if you want to comment out lines 1572-1576 in
/usr/bin/sbopkg that will skip this check.

-- 
Chess Griffin
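
An added example, not part of the original message and not sbopkg's own code: one way a pre-install ownership check of the kind discussed above could be written in shell. The function name `check_pkg_trust`, its optional uid/gid arguments and the group/other write-bit test are assumptions made for illustration; GNU `stat` is assumed.

```shell
#!/bin/sh
# Illustrative only (not sbopkg code). Accept a package file only if it is a
# regular file, has the expected numeric owner and group, and cannot be
# modified by group or other.
# Usage: check_pkg_trust FILE [UID] [GID]   -> exit status 0 = accept
check_pkg_trust() {
    pkg=$1
    want_uid=${2:-0}    # default owner: root
    want_gid=${3:-0}    # default group: root

    # A symlink could be repointed after the check, so require the file itself.
    if [ -L "$pkg" ] || [ ! -f "$pkg" ]; then
        echo "reject: $pkg is not a regular file" >&2
        return 1
    fi

    # GNU stat: numeric uid, numeric gid, octal permission bits.
    info=$(stat -c '%u %g %a' -- "$pkg") || return 1
    set -- $info
    uid=$1 gid=$2 mode=$3

    if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
        echo "reject: $pkg is $uid:$gid, expected $want_uid:$want_gid" >&2
        return 1
    fi

    # 022 = write bit for group and other; a leading 0 makes the value octal.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "reject: $pkg mode $mode is writable by group or other" >&2
        return 1
    fi
    return 0
}
```

With the defaults, a package stored as bill:data with mode 664, as in the question, is rejected on ownership before the mode test is reached.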