Hi Jim, Pádraig,
I still don't see the logic of not including capabilities in the
"install" feature set. We could use chmod and chown separately, too. But
still, setting owner/group and mode are a core functionality of this
utility. Similarly, if we think that POSIX capabilities are important
(see e.g. http://fedoraproject.org/wiki/Features/RemoveSETUID), we
should make their use as easy and natural as possible. For me that means
at the minimum support in install, tar (and derived packaging tools) and
possibly ls.
Thanks,
Yaron
On 11/04/2010 03:22 PM, Jim Meyering wrote:
Yaron Sheffer wrote:
it's somewhat cleaner to have all the security-critical settings in
one place: owner, group, permissions, capabilities (and grep for "-P"
or "--capabilities"...). Plus you can rely on "install" to always be
there, which I don't think is true for "setcap".
Thanks for the patch.
However, since that's the only benefit I see (setcap may not be installed),
I'm 60:40 against. If you find some other install program with this
feature, that would strengthen the case for adding the option here.
