Re: debmake suid programs

To: clameter@waterf.org (Christoph Lameter)
Cc: debian-devel@lists.debian.org
Subject: Re: debmake suid programs
From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
Date: Thu, 7 Nov 1996 19:52:58 +0100 (MET)
Message-id: <199611071852.TAA02920@i17linuxb.ists.pwr.wroc.pl>
In-reply-to: <Pine.LNX.3.95.961107064046.3406B-100000@waterf.org> from "Christoph Lameter" at Nov 7, 96 06:55:50 am

Christoph Lameter:
> 1. In the past it was necessary to become superuser to build a package
>    due to the nature of the dpkg tools. If this is wrong then please tell
>    me how dpkg could work without superuser access. I have tried a number
>    of ways to circumvent the issue with no success.

Correct me if I am wrong, but I think dpkg needs root privileges
only to create files with the right file ownerships/permissions in
debian/tmp (used to create a tar archive).  But a tar archive is
just a regular file - the ownerships/permissions inside can be
changed by modifying it (no root privileges necessary).

I think there are several possibilities:

 - when creating the package, pipe the tar archive (before gzipping)
   through a program to change permissions in the tar file headers,
   as specified in a permissions specification file supplied with the
   package.  Special files can be created as zero-length files and
   their type/major/minor changed later by modifying the tar archive.

 - run tar as usual, but modify dpkg to unpack files using cpio with
   the -R root:root (set the ownership of all files created) option.
   Then set the correct permissions in postinst.  (Devices can be
   created in postinst as well - just run MAKEDEV.)

The "permissions specification file" I mentioned could also be used
later to check permissions (and restore them if they ever get screwed
up, without reinstalling the whole package).

Funny, there is already a program to check/restore permissions
(ftp://sunsite.unc.edu/pub/Linux/system/Admin/fixperms.1.00.tar.gz)
and the documentation even says that it is available in Debian, but
it isn't - what is the story?  It is very old, from 1994 - was there
some other distribution called Debian at that time? :-)

It would be very nice to allow building packages by any user, without
any privileges.  For example, build a package on a fast machine with
a lot of disk space (but where you aren't root) and later install it
as root on your small home box...

Comments?

Marek

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

Follow-Ups:
- Re: debmake suid programs
  - From: sailer@sun10.sep.bnl.gov (Tim Sailer)

References:
- debmake suid programs
  - From: Christoph Lameter <clameter@waterf.org>

Prev by Date: Bug#5312: ae escapes 8-bit chars by default
Next by Date: Re: Bug#5312: ae escapes 8-bit chars by default
Previous by thread: Re: debmake suid programs
Next by thread: Re: debmake suid programs
Index(es):
- Date
- Thread