Re: A question on setting setuid bit
Thibaut Paumard <firstname.lastname@example.org> wrote:
> Le jeudi 06 juillet 2006 à 07:36 +1000, Matthew Palmer a écrit :
> [about suid bits]
>> My personal preference would be for the maintainer to just take a stand, set
>> it or not, and let people who actually know what's going on to use
>> dpkg-statoverride to fix the problem to their satisfaction. (This actually
>> also applies to man-db and cdrecord, as it happens, but there's a lot of
>> inertia to overcome there).
> In that case, does it make sense to prompt the admin once from the
> postinst script with a message such as:
> "Warning: <such file> from <such package> installed with suid bit. If
> this is unacceptable at your site, use dpkg-statoverride to clear this
> bit." ?
I don't think so. If it is important enough to justify such a warning,
the default should rather be not to set the setuid bit. On the other
hand, if it isn't so important, a note in README.Debian (and the
relevant manpages) is sufficient.
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX)