Crazy APT/dpkg suggestion (user-installable packages)

Hello,

I am not a Debian developer, but I came up with the following idea for the
packaging system last night. I just wanted to throw this out to the list
and see what people thought about it.

It would be useful to many people if regular users could install Debian
packages into their home directories, but this would take an immense
amount of effort to make practical. This suggestion might be the next
best thing. Assuming that security issues could be resolved, make apt-get
and/or dpkg setuid root so that the following could be implemented:

* Any user can install a package, except when:
    1) it would Conflict: with a package already installed by root
       or by a different user
    2) it would make the amount of free space available on any
       partition less than some absolute size and/or percentage,
       specifiable by root in a conf-file
    3) it appears in a list of packages that root specifies may NOT
       be user-installed (/etc/packages.deny)
    4) it does NOT appear in a list of packages that root specifies
       may be installed (/etc/packages.allow)

[I assume that the default would be (4) rather than (3), with the default
packages.allow being some list of harmless end-user packages and libraries
for them. Obviously on a multi-user system, we wouldn't want users
deciding to install things like telnetd. BTW, perhaps ssh could be split
into ssh-client and ssh-server?]

* A user can remove or upgrade a package s/he has installed, except when:
    1) this would cause a root-installed package or a package
       installed by another user to be removed or upgraded

* Root may easily do one of the following by setting a conf-file variable:
    a) upgrade _all_ packages via apt-get upgrade
    b) upgrade only packages previously installed by root

* Obviously dpkg needs to know who installed which package: keep a list in
  /var/lib/dpkg/packages.user or something like that. A user could edit
  this file to state that all packages were installed by his/her own
  account, thereby never having to log in as root for package-management
  tasks. (Perhaps this could also be set by asking "Will this machine be a
  single-user system?" in the initial installation. In this case we would
  install /etc/packages.deny rather than /etc/packages.allow)

* This could be an alternative to the usual dpkg / apt-get (Conflicts:
  dpkg, Provides: dpkg) so that sysadmins who don't want the behavior
  described here can keep the default we all know and love :) On
  installation of the alternative package (dpkg-user?), ownership of all
  previously-installed packages would be set to root in the above-mentioned
  file /var/lib/dpkg/packages.user.

* I see the behavior described above being most desired on a single-user
  system, or on a multi-user system where the sysadmin is too busy to
  install packages specifically at the request of the users.

So... feel free to rip this to shreds now. (And note that I'm not
volunteering to write such a package... maybe in May after my exams!)

Sincerely,
Kevin McCarty
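
The install and remove rules proposed above, written out as a policy check. This is an added example, not code from the original post or from dpkg/APT; the class and function names, the in-memory ownership map (standing in for /var/lib/dpkg/packages.user) and the 100 MiB threshold are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    mode: str = "allow"                      # "allow" = rule 4 (default), "deny" = rule 3
    allow: set = field(default_factory=set)  # stands in for /etc/packages.allow
    deny: set = field(default_factory=set)   # stands in for /etc/packages.deny
    min_free_bytes: int = 100 * 2**20        # constructed threshold for rule 2

@dataclass
class Package:
    name: str
    installed_size: int                      # bytes the package would consume
    conflicts: frozenset = frozenset()       # only this package's own Conflicts: field

def may_install(user, pkg, owners, policy, free_bytes):
    """Return (allowed, reason); owners maps installed package -> installing user."""
    if user == "root":
        return True, "root is not restricted"
    # Rule 1: refuse a conflict with a package owned by root or another user.
    for other in sorted(owners.keys() & pkg.conflicts):
        if owners[other] != user:
            return False, f"conflicts with {other} owned by {owners[other]}"
    # Rule 2: free space after installation must stay above root's threshold.
    if free_bytes - pkg.installed_size < policy.min_free_bytes:
        return False, "would leave too little free space"
    # Rules 3 and 4: any mode other than "deny" falls back to the allow list,
    # so a misspelled mode fails closed.
    if policy.mode == "deny":
        if pkg.name in policy.deny:
            return False, "listed in packages.deny"
    elif pkg.name not in policy.allow:
        return False, "not listed in packages.allow"
    return True, "ok"

def may_remove(user, targets, owners):
    """targets: every package the removal or upgrade would touch."""
    if user == "root":
        return True, "root is not restricted"
    for name in targets:
        if owners.get(name) != user:
            return False, f"{name} is owned by {owners.get(name, 'nobody')}"
    return True, "ok"

# Constructed sample state, not taken from a real system.
OWNERS = {"telnetd": "root", "mutt": "alice", "pine": "bob"}
POLICY = Policy(allow={"mutt", "pine", "gnuchess"})
```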