[...]
or so and move the SUID bit setting including creating a
group to postinst so that you limit the impact to an acceptable minimum.
Having an open root access for everybody on a system is quite a bit
too generous IMHO.

I also don't like having a SUID binary, but it is the only way I
found to raise the priority of the process. I've moved the "chmod"
to the postinst script but I couldn't create a group to setuid to
because the nice system call (see nice(2)) needs superuser
privileges.

I seem not to have expressed my idea correctly:
- Have your binary chmod 4750
- with uid 0 (thus the setUID) and
- group "whateveryournewgroupname"
In debian/postinst that would look like:
    # chown first: on Linux, chown clears the setuid bit
    chown "0:$GID" "$BINARY"
    chmod 4750 "$BINARY"
where $GID is the group id of the group you create in postinst.
That will make sure it gets the UID 0 correctly so that nice(2) will work OK,
and will also make sure that only users of the group are allowed to execute
it.
Does that make sense to you?
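
Added example, not part of the original thread: a pair of shell helpers a postinst could use to apply the 4750 layout described above and then confirm it took effect. The function names are hypothetical, GNU stat (as shipped on Debian) is assumed, and in a real postinst the owner argument would be 0 and the group the one created there.

```shell
#!/bin/sh
# Added example (not from the thread): apply and verify the
# "setuid root, executable by one group only" layout.

# apply_suid_policy FILE OWNER GROUP
# chown runs first: on Linux, chown clears the setuid bit, so a
# chmod 4750 issued before it would be silently undone.
apply_suid_policy() {
    chown "$2:$3" "$1" || return 1
    chmod 4750 "$1" || return 1
}

# check_suid_policy FILE WANT_UID WANT_GID
# Returns 0 only if FILE is mode 4750 and owned by WANT_UID:WANT_GID.
# Any other state (world-executable, setuid bit lost, wrong group) fails.
check_suid_policy() {
    file=$1 want_uid=$2 want_gid=$3
    # GNU stat: %a = octal mode, %u = owner uid, %g = group gid
    info=$(stat -c '%a %u %g' "$file") || return 2
    mode=${info%% *}
    rest=${info#* }
    uid=${rest%% *}
    gid=${rest#* }
    if [ "$mode" != 4750 ]; then
        echo "$file: mode is $mode, expected 4750" >&2
        return 1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owner uid is $uid, expected $want_uid" >&2
        return 1
    fi
    if [ "$gid" != "$want_gid" ]; then
        echo "$file: group gid is $gid, expected $want_gid" >&2
        return 1
    fi
    return 0
}

# Typical use in a postinst (placeholder path and gid variable):
#   apply_suid_policy "$BINARY" 0 "$GID" && check_suid_policy "$BINARY" 0 "$GID"
```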