On Mon, Oct 19, 1998 at 07:21:35PM -0700, Joey Hess wrote: > Branden Robinson wrote: > > > 3) The server no longer is setud root. Thus it refuses to come up at all. > > > 4) startx only comes up under root (some authority problem). > > > > I'm now using suidregister to make /usr/bin/X11/X (which is Debian's X > > server wrapper) setuid root -- it ships with plain old mode 755. > > xserver-common (which contains the wrapper) was one of the files with the > > "getreal" problem, so the script bombed out before suidregister was called. > > With the fixing of 2) above this should no longer be a problem. > > Sorry, that's not how suidregister is intended to work. Suidregister is not > a base package, it is not guarenteed to be installed. What you're supposed > to do is ship the .deb with the file(s) having the permission you intend > them to have. (In this case, they should be suid). In the postinst, call > suidregister if it's installed. Then when suidregister runs, it will set the > permissions to what the admin specifies in /etc/suid.conf. Well, I was just following the example set in sendmail. # manage setuid X binary if [ -x /usr/sbin/suidregister ]; then suidregister -s xserver-common /usr/X11R6/bin/X root root 4755 else chmod 4755 /usr/X11R6/bin/X fi If this is wrong, we need some policy about it. I couldn't find any in the latest version of the policy manual. -- G. Branden Robinson | Debian GNU/Linux | Please do not look directly into laser branden@ecn.purdue.edu | with remaining eye. cartoon.ecn.purdue.edu/~branden/ |
Attachment:
pgpDpoQVAW8tP.pgp
Description: PGP signature