Re: Crazy APT/dpkg suggestion (user-installable packages)
On Wed, Feb 06, 2002 at 08:39:54AM -0500, Kevin B. McCarty wrote:
>
> * Any user can install a package, except when:
> 1) it would Conflict: with a package already installed by root
> or by a different user
and what prevents the user from getting the upstream tarball,
compiling, and installing to their $HOME? this is a needless
restriction.
> 2) it would make the amount of free space available on any
> partition less than some absolute size and/or percentage,
> specifiable by root in a conf-file
that is what quota's are for.
> 3) it appears in a list of packages that root specifies may NOT
> be user-installed (/etc/packages.deny)
same wget;tar;./configure;make;make install problem as above
> 4) it does NOT appear in a list of packages that root specifies
> may be installed (/etc/packages.allow)
same problem as above
> * A user can remove or upgrade a package s/he has installed, except when:
> 1) this would cause a root-installed package or a package
> installed by another user to be removed or upgraded
and _why_ wuld a root installed pacakge be dependent upon ANYTHING in
anyone's $HOME? that is a _very_ poor design.
if the admin says it is to go, it is to go. period. and if dpkg
complains, we have --force-* options to convince dpkg that we really are
smarter.
> * Root may easily do one of the following by setting a conf-file variable:
> a) upgrade _all_ packages via apt-get upgrade
> b) upgrade only packages previously installed by root
or are you thinking that user-installed packages would go into / instead
of $HOME? if the former, you are asking for major problems. if the
latter, then no worries. the admin should only affect the system
(root-installed) packages, and never touch anything installed by a user
into their $HOME
> * Obviously dpkg needs to know who installed which package: keep a list in
> /var/lib/dpkg/packages.user or something like that.
bah! that is what $HOME/var/lib/dpkg/packages is for! the main system
need not be concerned _at all_ with what is in anyone's $HOME. not even
root's. (so, say root wanted to install something to ~root instead of /,
for testing purposes . . . )
> * I see the behavior described above being most desired on a single-user
> system, or on a multi-user system where the sysadmin is too busy to
> install packages specifically at the request of the users.
if i want something bad enough (vim), and the local admins do not
provide it, i will compile it myself. i will keep it in $HOME, and if
the admins actually _do_ install it, but not compiled the way i like it,
then i will continue to use the version in my $HOME.
i don't think this is a bad idea, per se, as dpkg is not S[UG]ID, the only
thing a user could overwrite is files that they have write access to
(their own) anyway. untarring of a SUID root program would lose its SUID
and rootness, so no worries about a mailicous user gaining instant
UID=0.
i think this would be dificult to manage, as .deb's are not ``relocate-
able'' (ie: vim will look for /etc/vimrc, unless comiled otherwise)
-john
Reply to: