[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

su in debian.rules

Raul Miller writes:

>Aside: the debian.rules file lets you build source packages without
>losing the compiled binaries.

Cute...  What is `sam', BTW?

>Also, it will call su for the critical part of the binary target.  I
>think this is a fairly clean debian.rules file -- I wonder if some
>variant of this should be adopted for the hello package?

I hope not...  sorry l-)

I have a `really' command which executes its arguments in a root
shell.  (It only works for trusted users[1].)  This is much more
convenient on an essentially single-user system than typing in a
password for every build, which is what I'd have to do were a call to
su put into debian.rules.

(I urge everybody not to upload a package with the functionality of
`really' - there's too much danger that someone might actually use

Convenient ways of becoming root are currently unlikely to be
portable.  The way to go here is perhaps a script which does something
like this:

	exec su -c ./debian.rules "$@"

All that said, I think it would be a good thing if there were a
program to fix up the permissions in a .deb file (doing it to a tar
file would probably be sufficient) so that one didn't have to become
root at all to build packages.  I don't really mind running the
`binary' target as root, but all those rm's in the `clean' target give
me the shivers...

Oh, and talking of su, I thought about submitting a bug report on this
one, but it's a touch trivial and flippant...  l-)

Subject: wooly thinking in su(1) man page

Package: shellutils
Version: 1.12-4

|Why GNU su does not support the wheel group (by Richard Stallman)
|       However, occasionally the rulers do tell  someone.   Under
|       the usual su mechanism, once someone learns the root pass-
|       word who sympathizes with the ordinary users, he can  tell
|       the  rest.   The  "wheel  group"  feature  would make this
|       impossible, and thus cement the power of the rulers.

If `someone' has root then they can add arbitrary users to the `wheel'
group by editing /etc/group.

Richard Kettlewell richard@uk.geeks.org http://www.elmail.co.uk/staff/richard/

[1] those in group `staff' in this case.  There are other
    implementations with different ideas as to who to trust with
    password-free root access.  

Reply to: