
Re: Crazy APT/dpkg suggestion (user-installable packages)



On Wed, Feb 06, 2002 at 08:39:54AM -0500, Kevin B. McCarty wrote:
> Hello,
> I am not a Debian developer, but I came up with the following idea for the 
> packaging system last night.  I just wanted to throw this out to the list 
> and see what people thought about it.

I'm almost a Debian developer (I'm just waiting for DAM, that's it). It's
a funny coincidence: I thought about this some days ago. Only the
implementation I was thinking of is different.

> It would be useful to many people if regular users could install Debian 
> packages into their home directories, but this would take an immense 
> amount of effort to make practical.  This suggestion might be the next 
> best thing.  Assuming that security issues could be resolved, make apt-get 
> and/or dpkg setuid root so that the following could be implemented:

I think it would take an immense amount of time to implement this on
a normal UNIX system (GNU/Linux or BSD). But I think it's not that
difficult to do on the Hurd, because it has such a nice design. Giving
the user power while keeping security (the Hurd is actually even more
secure) has always been a goal of the Hurd.

I was thinking of the following implementation:
We could make / a shadowfs (it's a little bit similar to BSD's
unionfs: it "merges" directories into one directory) between the
system partition and the user's home directory. Then all changes will
be written back to the user's home directory, including package
installation. I haven't thought about the implementation in detail
yet.

Note that this probably won't work yet. I've been told that dpkg
doesn't know it can install packages as a normal user. There will
probably also be problems if dpkg tries to remove directories and
files. Shadowfs is still experimental, just like the Hurd. Our biggest
problem is manpower (hint! hint!).

Also there is no need to make anything setuid root AFAICS. It's
because the Hurd has such a nice design.

> * Any user can install a package, except when:
> 	1) it would Conflict: with a package already installed by root
> 	   or by a different user

I think that could be overridden.

> 	2) it would make the amount of free space available on any 
> 	   partition less than some absolute size and/or percentage,
> 	   specifiable by root in a conf-file

It would just be the user's quota.

> 	3) it appears in a list of packages that root specifies may NOT
> 	   be user-installed (/etc/packages.deny)
> 	4) it does NOT appear in a list of packages that root specifies
> 	   may be installed (/etc/packages.allow)

I don't see a reason for that.
 
> [I assume that the default would be (4) rather than (3), with the default
> packages.allow being some list of harmless end-user packages and libraries
> for them.  Obviously on a multi-user system, we wouldn't want users
> deciding to install things like telnetd.  BTW, perhaps ssh could be split
> into ssh-client and ssh-server?]

I don't see why users wouldn't be able to install telnetd. It would just
run with their permissions and not be able to listen on a port
<1024. The ssh-client and ssh-server split is just a small detail.

> * A user can remove or upgrade a package s/he has installed, except when:
> 	1) this would cause a root-installed package or a package 
> 	   installed by another user to be removed or upgraded

Root's filesystem will never be touched, only that of the user.

> * Root may easily do one of the following by setting a conf-file variable:
> 	a) upgrade _all_ packages via apt-get upgrade
> 	b) upgrade only packages previously installed by root

This would need something to make sure root won't break anything of the
user's. Root should not change the user's filesystem, only its own.

> * Obviously dpkg needs to know who installed which package: keep a list in
> /var/lib/dpkg/packages.user or something like that.  A user could edit
> this file to state that all packages were installed by his/her own
> account, thereby never having to log in as root for package-management
> tasks.  (Perhaps this could also be set by asking "Will this machine be a
> single-user system?" in the initial installation.  In this case we would 
> install /etc/packages.deny rather than /etc/packages.allow)

I'm not sure yet how the dpkg implementation should work.
 
> * This could be an alternative to the usual dpkg / apt-get (Conflicts:  
> dpkg, Provides: dpkg) so that sysadmins who don't want the behavior
> described here can keep the default we all know and love :)  On
> installation of the alternative package (dpkg-user?), ownership of all
> previously-installed packages would be set to root in the above-mentioned
> file /var/lib/dpkg/packages.user.

See above.

> * I see the behavior described above being most desired on a single-user 
> system, or on a multi-user system where the sysadmin is too busy to 
> install packages specifically at the request of the users.

I think it could be for every system.

> So... feel free to rip this to shreds now.  (And note that I'm not 
> volunteering to write such a package... maybe in May after my exams!)

I think it's a nice idea, but not for GNU/Linux or BSD. It should be
possible on GNU/Hurd.

Jeroen Dekkers
-- 
Jabber supporter - http://www.jabber.org Jabber ID: jdekkers@jabber.org
Debian GNU supporter - http://www.debian.org http://www.gnu.org
IRC: jeroen@openprojects
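The per-user overlay described above (a read-only system tree under a writable layer in $HOME, where lookups resolve top-down, writes land in the user layer, and removals of system files are recorded as markers rather than performed) can be modelled in a few dozen lines. The following is an added example written for this page; it is not Hurd shadowfs, unionfs or dpkg code. The layer-as-dict representation, the `.wh.` whiteout prefix, `install_package`, `demo` and the sample file trees are all constructed for the illustration. It also shows the caveat raised in the reply to the "root upgrades all packages" point: once a user has shadowed /bin/ls, a later root upgrade of the system copy is invisible to that user.

```python
"""Toy two-layer union view: read-only system layer, writable user layer.

Illustrative model of the shadowfs idea in the message; not real Hurd,
unionfs or dpkg code. The whiteout convention (".wh.<name>") and the
dict-per-layer layout are assumptions made for this example.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

WHITEOUT = ".wh."  # assumed marker prefix meaning "deleted in the user layer"


@dataclass
class UnionView:
    system: dict[str, bytes]                               # root's tree, never written
    user: dict[str, bytes] = field(default_factory=dict)   # lives in the user's $HOME

    @staticmethod
    def _whiteout(path: str) -> str:
        directory, _, name = path.rpartition("/")
        return f"{directory}/{WHITEOUT}{name}"

    def read(self, path: str) -> Optional[bytes]:
        """Top-down lookup: user layer wins; a whiteout hides the system copy."""
        if self._whiteout(path) in self.user:
            return None
        if path in self.user:
            return self.user[path]
        return self.system.get(path)

    def write(self, path: str, data: bytes) -> None:
        """All writes go to the user layer (copy-on-write). Re-creating a
        previously removed file clears its whiteout marker."""
        self.user.pop(self._whiteout(path), None)
        self.user[path] = data

    def remove(self, path: str) -> bool:
        """Remove from the user's view. A system file cannot be unlinked, so the
        deletion is recorded as a whiteout in the user layer. False if absent."""
        if self.read(path) is None:
            return False
        self.user.pop(path, None)
        if path in self.system:
            self.user[self._whiteout(path)] = b""
        return True

    def listdir(self, directory: str) -> list[str]:
        """Merged, de-duplicated listing that honours whiteouts."""
        prefix = directory.rstrip("/") + "/"
        names: set[str] = set()
        for layer in (self.system, self.user):
            for p in layer:
                if p.startswith(prefix) and "/" not in p[len(prefix):]:
                    names.add(p[len(prefix):])
        return sorted(n for n in names
                      if not n.startswith(WHITEOUT)
                      and self.read(prefix + n) is not None)


def install_package(view: UnionView, files: dict[str, bytes]) -> list[str]:
    """Unpack a (constructed) package's files; every one lands in the user layer."""
    for path, data in files.items():
        view.write(path, data)
    return sorted(files)


def demo() -> dict:
    # Constructed sample trees standing in for the system partition and a package.
    system = {
        "/bin/ls": b"ls v1",
        "/etc/motd": b"hello",
        "/usr/share/doc/README": b"system docs",
    }
    view = UnionView(system=system)
    install_package(view, {"/bin/ls": b"ls v2", "/bin/foo": b"foo"})  # user installs
    view.remove("/etc/motd")            # "dpkg removes a file": becomes a whiteout
    system["/bin/ls"] = b"ls v3"        # root upgrades its own tree later
    return {
        "user_sees_ls": view.read("/bin/ls"),        # user's shadow copy still wins
        "root_sees_ls": system["/bin/ls"],
        "motd_hidden": view.read("/etc/motd") is None,
        "system_untouched": len(system) == 3 and "/etc/motd" in system,
        "bin_listing": view.listdir("/bin"),
        "whiteout_recorded": "/etc/.wh.motd" in view.user,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The whiteout markers are what make "dpkg tries to remove directories and files" workable without ever writing to the system layer; the stale shadow copy in `demo()` is the price of that isolation and is exactly why root's upgrades need a policy for files a user has already overlaid.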
