On Sat, 2008-10-25 at 10:00 -0400, Daniel Kahn Gillmor wrote: > On Sat 2008-10-25 05:25:07 -0400, Franklin PIAT wrote: > > > My primary implementation idea was to make the folders owned by the > > group staff (like /usr/local). Would that fit your need ? > > I'd rather not do that; membership in group staff is a huge privilege > (because you can rewrite /usr/local, as you say, which means members > could place a trojan in /usr/local/bin/ls, for example). So > membership in that group is not something that is easily granted.
Actually, the group "staff" was just an example. I'm not completely decided how I'll implement that. I may just document how to use "dpkg-statoverride" if one want to trick the permissions. For example, with your patch, one can move the directories to /srv easily. The admin will just have to chgrp + chmod g+rws what ever fits his/her needs. > > I wonder why you defined DI_NETBOOT_ASSISTANT_CONFIG. Do you need to > > be able to use multiple configuration dir ? or would it be fine to > > use ~/.di-netboot-assistant.conf (then fall back to /etc/... ) > > Ah, this makes more sense than what i did. As long as a user-supplied > config file is possible (so DL_CACHE, STATUS_LIB and CONFIG_DIR can be > overridden), the tool can be run cleanly as a non-privileged user. It > should probably fail cleanly if the user is unable to write to > DL_CACHE or STATUS_LIB, though. > > Would you like me to submit a new patch that works this way? If you feel like working on this, your welcome. Otherwise I'll adapt your patch. The SVN http://svn.debian.org/wsvn/d-i/trunk/netboot-assistant/ already contains some committed changes (I have a few other changes in private git repository, waiting for testing/squeeeze). Franklin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
