https://bugzilla.redhat.com/show_bug.cgi?id=1371984
--- Comment #1 from Randy Barlow <ra...@electronsweatshop.com> --- Created attachment 1196590 --> https://bugzilla.redhat.com/attachment.cgi?id=1196590&action=edit p1_pam patch for the facl solution One of the challenges with making this change is that there's a slight chicken and egg problem. We need to set the epam binary to mode 4750 (we don't want just any user executing it), which means that we want to set the group to ejabberd so that the ejabberd user can execute it. However, this erlang-p1_pam package is a dependency of the ejabberd package which means that the ejabberd user/group won't exist when erlang-p1_pam is installed. I considered having the p1_pam package create the ejabberd group if the group doesn't already exist, and we could solve this problem that way. p1_pam is currently only used by ejabberd so it wouldn't be that dirty. However, the upstream package is separated from ejabberd, presumably because they want it to be generally useful so it does seem strange for it to create an ejabberd group. Another option is to set the epam binary mode to 4700, but then have the ejabberd package set a facl on it that gives the ejabberd user the rx bits. This is a little strange as well, since it also seems wrong for a package to modify an artifact of another package. I lean towards the facl solution, but I'm interested in hearing some input from others. I'm attaching an extremely simple patch that would be applied to p1_pam for the facl solution, but if we go this route there would also be a required change to ejabberd so that it sets the ejabberd rx facl upon install. I've also considered that perhaps it makes sense to leave this problem up to the end user to solve, and deliver documentation about the various options. I think I lean away from doing it this way and towards solving it automatically through one of the above, but I thought it was worth consideration nonetheless. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ erlang mailing list erlang@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/erlang@lists.fedoraproject.org
