Bug#580078: lintian: false positive for "init.d-script-missing-dependency-on-remote_fs /etc/init.d/cryptdisks: required start/stop"
Raphael Geissert <geissert@debian.org> writes:
> Jonas Meurer wrote:
>> cryptdisks and cryptdisks-early initscripts both need to be started
>> before any (non-root) filesystem is mounted. still, i added a check for
>> /usr/bin/id in the initscripts in order to warn normal users that they
>> need root privileges when they execute the initscript.
> First of all I'm curious as to why you are adding that check. Only a
> few, rare, init scripts do that.
> I'm actually surprised that policy doesn't say a word about this. I
> don't think there's any reason to introduce such a technical blockage
> (that can be bypassed until the point where the special privileges are
> actually needed.)
> Russ, what do you think? (with your policy hat on :)
I agree, and I see Jonas is already convinced. I'm not sure that the
capabilities system is usable enough that anyone would do this right now,
but it should be possible to grant a non-root user the capabilities to run
particular init scripts and there may be some times when that's more
useful than using sudo.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: