On Wed, Mar 19, 2014 at 5:41 AM, Hisham Muhammad <his...@gobolinux.org> wrote:
> Hi,
>
> I'm going through some annoyances in my brand new Gobo 015
> installation that are related to the handling of sudo in our Scripts.
>
> The symptom is that some Gobo scripts fail halfway through with
> permission errors when run with `sudo`, but they work if I use `su`
> and run them as root proper.
>
> I haven't diagnosed the whole thing in full yet, but it's not the
> first time I have this kind of problem. This got me thinking...
>
> ...is the whole dance with Verify_Superuser and Release_Superuser
> worth the effort, just to save us from typing `sudo` in things that
> are really administrative tasks?
The big problem as I remember was that the tools wrote files in ~,
which ended up owned #0 if you ran them under sudo. They'd then break
if you ran them again without sudo. It was a common problem reported
in the channel. There were previous changes making the tools elevate
permissions when they actually needed them so that people wouldn't
have to run them under sudo.
People were quite resistant to not running them under sudo regardless,
so Jonas's original changes just errored out when [ "$SUDO_USER" ], I
think, but you didn't like that (again, I think), so they were
modified to drop privileges back to the original user until the
installation step required them. The privilege-dropping is a bit of a
hack but at least at the time it worked with every combination of
viable invocations.
I'm not sure at this point that these were the right choices to work
around that issue. Certainly, a lot of people used `sudo
{Compile,InstallPackage,Freshen}` and subsequently turned up in the
channel with problems from it, so we should stop that somehow. I
suspect some of the causes were subsequently resolved by later changes
anyway.
I notice that `sudo env` on the machine I'm on at the moment gives
HOME=/root, so that probably points at a better resolution. It's a bit
odd if the per-user cache and the root cache are out of sync and you
get different results between checking something as yourself and
installing as root immediately after though.
> I was thinking of just stripping this whole thing away. The scripts
> are basically already designed to run without it (because of rootless
> mode) so I think it would just make things simpler and more reliable.
>
> As for concerns that were raised in the past tha Compile should not
> build things running as root, then maybe what we need is a `builder`
> user and use that instead when building (like we use `fibo` to
> install). Also, it's probably wiser not to let the build run with our
> own regular user anyway!
This seems sensible on both accounts.
-Michael
_______________________________________________
gobolinux-devel mailing list
gobolinux-devel@lists.gobolinux.org
http://lists.gobolinux.org/mailman/listinfo/gobolinux-devel
