Re: RFS: eviacam
Hi Kilian,
[...]
- Have your binary chmod 4750
- with uid 0 (thus the setUID) and
- group "whateveryournewgroupname"
In debian/postinst that would look like:
chmod 4750 $BINARY
chown 0:$GID $BINARY
where $GID is the group id of the group you create in postinst.
That will make sure it gets the UID 0 correctly so that nice(2) will work ok
and also will make sure that only users of the group are allowed to execute
it.
[...]
I think that if we need to create a new group may be some non-expert
users won't be able to run eviacam properly (i.e. they might fail to add
their username to such group). Other options include:
i) ask the user whether to make eviacamloader SUID and explain that a
new group is needed and such and such.
Can be done with debconf quite easily as:
a) Ask whether SUID should be activated
Done. Package uploaded.
b) which users should be added to the group interactively
I would need some help here. Can you point a good document (or better,
an example) on how to interactively add users to a group using debconf?
Please set sensible defaults so that you can also work with
DEBCONF_FRONTEND=noninteractive
The default option is to *NOT* use SUID.
ii) completely get rid of the SUID thing at the expense of less
responsiveness.
If that's possible and doesn't limit core functionality it sounds like a
valid option. What downsides would that bring?
The core functionality is exactly the same. The only downside is that
eviacam won't work as smooth as if it were running in high priority
(i.e. the user might notice that the mouse pointer is less responsive
when CPU load is high).
I think debconf as explained above together with properly adding a new
group and importing users through debconf would be a good thing.
Agreed. But some help needed :-). Thanks.
Regards,
César
Reply to: