
su in debian.rules



Raul Miller writes:

>Aside: the debian.rules file lets you build source packages without
>losing the compiled binaries.

Cute...  What is `sam', BTW?

>Also, it will call su for the critical part of the binary target.  I
>think this is a fairly clean debian.rules file -- I wonder if some
>variant of this should be adopted for the hello package?

I hope not...  sorry l-)

I have a `really' command which executes its arguments in a root
shell.  (It only works for trusted users[1].)  This is much more
convenient on an essentially single-user system than typing in a
password for every build, which is what I'd have to do were a call to
su put into debian.rules.

(I urge everybody not to upload a package with the functionality of
`really' - there's too much danger that someone might actually use
it.)

Convenient ways of becoming root are currently unlikely to be
portable.  The way to go here is perhaps a script which does something
like this:

	#!/bin/sh
	exec su -c ./debian.rules "$@"

All that said, I think it would be a good thing if there were a
program to fix up the permissions in a .deb file (doing it to a tar
file would probably be sufficient) so that one didn't have to become
root at all to build packages.  I don't really mind running the
`binary' target as root, but all those rm's in the `clean' target give
me the shivers...

Oh, and talking of su, I thought about submitting a bug report on this
one, but it's a touch trivial and flippant...  l-)

--------------------------------------------------
Subject: wooly thinking in su(1) man page

Package: shellutils
Version: 1.12-4

|Why GNU su does not support the wheel group (by Richard Stallman)
[...]
|       However, occasionally the rulers do tell  someone.   Under
|       the usual su mechanism, once someone learns the root pass-
|       word who sympathizes with the ordinary users, he can  tell
|       the  rest.   The  "wheel  group"  feature  would make this
|       impossible, and thus cement the power of the rulers.

If `someone' has root then they can add arbitrary users to the `wheel'
group by editing /etc/group.
--------------------------------------------------

-- 
Richard Kettlewell richard@uk.geeks.org http://www.elmail.co.uk/staff/richard/

[1] those in group `staff' in this case.  There are other
    implementations with different ideas as to who to trust with
    password-free root access.  
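
The permission fix-up suggested in the message above (rewriting ownership inside the tar file so that the build never has to run as root), sketched as an added example that is not part of the original post or of any Debian tool. The member names, the `builder` uid/gid of 1000 and the policy of clearing group/other write and setuid/setgid bits are assumptions made for the illustration.

```python
import io
import tarfile

def build_sample_tar() -> bytes:
    """Constructed input: a tar as an unprivileged build would leave it."""
    buf = io.BytesIO()
    samples = [("usr/bin/hello", 0o775, b"#!/bin/sh\necho hello\n"),
               ("usr/bin/helper", 0o4775, b"#!/bin/sh\n"),
               ("usr/share/doc/hello/README", 0o664, b"docs\n")]
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name, mode, data in samples:
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            info.uid, info.gid = 1000, 1000          # assumed build user
            info.uname, info.gname = "builder", "builder"
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def fix_ownership(src: bytes) -> bytes:
    """Rewrite each member header to root:root without needing root."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(src), mode="r:") as tin, \
         tarfile.open(fileobj=out, mode="w", format=tarfile.GNU_FORMAT) as tout:
        for member in tin:
            member.uid = member.gid = 0
            member.uname = member.gname = "root"
            # Assumed policy: drop group/other write, and drop setuid/setgid,
            # since re-owning to root would otherwise create setuid-root files.
            member.mode &= ~0o6022
            payload = tin.extractfile(member) if member.isreg() else None
            tout.addfile(member, payload)
    return out.getvalue()

def list_members(data: bytes):
    """Return (name, owner, uid, gid, mode) for every member."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tar:
        return [(m.name, m.uname, m.uid, m.gid, oct(m.mode)) for m in tar]

def read_member(data: bytes, name: str) -> bytes:
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tar:
        return tar.extractfile(name).read()

if __name__ == "__main__":
    for row in list_members(fix_ownership(build_sample_tar())):
        print(row)
```
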

