su in debian.rules
Raul Miller writes:
>Aside: the debian.rules file lets you build source packages without
>losing the compiled binaries.
Cute... What is `sam', BTW?
>Also, it will call su for the critical part of the binary target. I
>think this is a fairly clean debian.rules file -- I wonder if some
>variant of this should be adopted for the hello package?
I hope not... sorry l-)
I have a `really' command which executes its arguments in a root
shell. (It only works for trusted users[1].) This is much more
convenient on an essentially single-user system than typing in a
password for every build, which is what I'd have to do were a call to
su put into debian.rules.
(I urge everybody not to upload a package with the functionality of
`really' - there's too much danger that someone might actually use
it.)
Convenient ways of becoming root are currently unlikely to be
portable. The way to go here is perhaps a script which does something
like this:
#!/bin/sh
exec su -c ./debian.rules "$@"
All that said, I think it would be a good thing if there were a
program to fix up the permissions in a .deb file (doing it to a tar
file would probably be sufficient) so that one didn't have to become
root at all to build packages. I don't really mind running the
`binary' target as root, but all those rm's in the `clean' target give
me the shivers...
Oh, and talking of su, I thought about submitting a bug report on this
one, but it's a touch trivial and flippant... l-)
--------------------------------------------------
Subject: wooly thinking in su(1) man page
Package: shellutils
Version: 1.12-4
|Why GNU su does not support the wheel group (by Richard Stallman)
[...]
| However, occasionally the rulers do tell someone. Under
| the usual su mechanism, once someone learns the root pass-
| word who sympathizes with the ordinary users, he can tell
| the rest. The "wheel group" feature would make this
| impossible, and thus cement the power of the rulers.
If `someone' has root then they can add arbitrary users to the `wheel'
group by editing /etc/group.
--------------------------------------------------
-
Richard Kettlewell richard@uk.geeks.org http://www.elmail.co.uk/staff/richard/
[1] those in group `staff' in this case. There are other
implementations with different ideas as to who to trust with
password-free root access.
Reply to: