#134 Run as 'fink-bld' for build-as-nobody

closed-accepted
nobody
None
5
2007-08-26
2006-10-22
No

This patch will make fink look for a 'fink-bld' user if run with
--build-as-nobody. If that user exists, the build is done under 'fink-bld';
if not, the user 'nobody' is used, but a warning is issued to install the
'passwd' package that contains the 'fink-bld' user.

This was motivated by a comment of 'wsanchez' on the #svn channel,
saying:
"Just FYI. You should never start a process as user (or group) "nobody".
User nobody exists for NFS' maproot= feature. The idea being that you
can map the root user to nobody on the NFS filesystem, thereby giving
root access to no files that aren't world-readable."

A couple of things that need to be discussed:
- Is 'finger' an appropriate method to check for the existence of user
'fink-bld'?
- Would the build_as_user_group method better be in Service.pm
instead of Config.pm?
- Is the warning appropriate or should we disallow 'nobody' altogether?
- Why did we do
chowname ':admin', $destdir
and not
chowname 'root:admin', $destdir
? That would make the code a little simpler.

Discussion

  • Logged In: YES
    user_id=286406

    As recommended by dmacks, it makes more sense to use getpwnam instead
    of finger. See r2 of patch.

     
  • Daniel Macks
    2006-12-05

    Logged In: YES
    user_id=535292
    Originator: NO

    Instead of having the caller of build_as_user_group() specify which type(s) of data to return and then having a giant if/else/else to return them, might be better to return a hash of all the data. No need for all that overhead, and it's just hard-coded text strings so no tradeoff cost of calculating data that isn't wanted. Also would allow caller to get several types of data all at once instead of having to make several calls to the function.

    For example:
    $result = {qw/ user nobody group nobody user:group nobody:nobody /};

    Then PkgVersion can do:
    my $build_as_user_group = $config->build_as_user_group();
    chowname $build_as_user_group->{'user:group'}, $destdir or
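
The two suggestions made so far in this thread (getpwnam instead of finger, and one hash holding all values) combined in a stand-alone Perl example. It is added here and is not the code from the attached patch; resolving the group from the account's primary gid and the wording of the warning are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-alone build_as_user_group(); not the patch's own code.
# Returns a hash ref with the keys proposed above: 'user', 'group' and
# 'user:group'. Written as a plain function: calling it as a method would
# pass the object as an extra first argument.
sub build_as_user_group {
    my ($preferred, $fallback) = @_;
    $preferred = 'fink-bld' unless defined $preferred;
    $fallback  = 'nobody'   unless defined $fallback;

    for my $user ($preferred, $fallback) {
        # getpwnam() returns an empty list when the account does not exist,
        # so no external 'finger' process or output parsing is needed.
        my @pw = getpwnam($user);
        next unless @pw;

        # Assumption: use the account's primary group (gid is field 3).
        my $group = getgrgid($pw[3]);
        $group = $pw[3] unless defined $group;   # keep the numeric gid

        # Warn when the dedicated build account is missing.
        warn "User '$preferred' not found, building as '$user'; "
           . "install the 'passwd' package to get '$preferred'.\n"
            if $user ne $preferred;

        return {
            'user'       => $user,
            'group'      => $group,
            'user:group' => "$user:$group",
        };
    }
    die "Neither '$preferred' nor '$fallback' exists on this system\n";
}

# One call gives the caller every form it needs.
my $ids = build_as_user_group();
print "build user:  $ids->{'user'}\n";
print "build group: $ids->{'group'}\n";
print "chown spec:  $ids->{'user:group'}\n";
```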

     
  • Daniel Macks
    2006-12-06

    Logged In: YES
    user_id=535292
    Originator: NO

    Major inconsistency in calling... Foo::Bar::baz($a,$b) and $thing->baz($a,$b) do *not* give the same parameters to baz(). There's no $self in the former.

     
  • Logged In: YES
    user_id=286406
    Originator: YES

    Attached build_as_fink-bld.patch Rev. 3.

    We could still simplify the code quite a bit by doing:

    chowname 'root:admin', $destdir

    instead of

    chowname ':admin', $destdir

    Is there a reason why 'root' is omitted? Does it hurt having 'root:admin'?
    File Added: fink_build_as_fink-bld_r3.patch

     
    • summary: Run as 'fink-bld' for buil-as-nobody --> Run as 'fink-bld' for build-as-nobody
     
  • Logged In: YES
    user_id=286406
    Originator: YES

    Attached build_as_fink-bld.patch Rev. 4

    Simplified to call chowname 'root:admin', $destdir instead of chowname ':admin', $destdir

    Seems to work fine here.
    File Added: fink_build_as_fink-bld_r4.patch

     