On 18 March 2014 18:16, Michael Homer <mich...@gobolinux.org> wrote:
> On Wed, Mar 19, 2014 at 5:41 AM, Hisham Muhammad <his...@gobolinux.org> wrote:
>> Hi,
>>
>> I'm going through some annoyances in my brand new Gobo 015
>> installation that are related to the handling of sudo in our Scripts.
>>
>> The symptom is that some Gobo scripts fail halfway through with
>> permission errors when run with `sudo`, but they work if I use `su`
>> and run them as root proper.
>>
>> I haven't diagnosed the whole thing in full yet, but it's not the
>> first time I have this kind of problem. This got me thinking...
>>
>> ...is the whole dance with Verify_Superuser and Release_Superuser
>> worth the effort, just to save us from typing `sudo` in things that
>> are really administrative tasks?
> The big problem as I remember was that the tools wrote files in ~,
> which ended up owned #0 if you ran them under sudo. They'd then break
> if you ran them again without sudo. It was a common problem reported
> in the channel. There were previous changes making the tools elevate
> permissions when they actually needed them so that people wouldn't
> have to run them under sudo.

Do they still write things in ~? I have a fuzzy memory of these things
but I can't find any dotfiles here. AFAIK the only thing in ~ now
that's used by the scripts is GPG signatures for signed packages, but
that's an, err, optional feature...

> People were quite resistant to not running them under sudo regardless,
> so Jonas's original changes just errored out when [ "$SUDO_USER" ], I
> think, but you didn't like that (again, I think), so they were
> modified to drop privileges back to the original user until the
> installation step required them. The privilege-dropping is a bit of a
> hack but at least at the time it worked with every combination of
> viable invocations.

Yeah, I remember it did work... Not sure what's going on now, but it's
certainly not the first time it behaved strangely. I think it's just
fragile and fails in weird ways when any little thing is
misconfigured.

> I'm not sure at this point that these were the right choices to work
> around that issue. Certainly, a lot of people used `sudo
> {Compile,InstallPackage,Freshen}` and subsequently turned up in the
> channel with problems from it, so we should stop that somehow. I
> suspect some of the causes were subsequently resolved by later changes
> anyway.
>
> I notice that `sudo env` on the machine I'm on at the moment gives
> HOME=/root, so that probably points at a better resolution. It's a bit
> odd if the per-user cache and the root cache are out of sync and you
> get different results between checking something as yourself and
> installing as root immediately after though.
>
>> I was thinking of just stripping this whole thing away. The scripts
>> are basically already designed to run without it (because of rootless
>> mode) so I think it would just make things simpler and more reliable.
>>
>> As for concerns that were raised in the past that Compile should not
>> build things running as root, then maybe what we need is a `builder`
>> user and use that instead when building (like we use `fibo` to
>> install). Also, it's probably wiser not to let the build run with our
>> own regular user anyway!
>
> This seems sensible on both accounts.

Cool, I'll probably try my hand at this in the weekend.

-- Hisham
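
An added example, not part of the original thread and not code from the GoboLinux Scripts: a small shell diagnostic for the failure mode discussed above, where a tool run under `sudo` leaves files in the invoking user's home owned by uid 0. All function names and the `--report` switch are hypothetical.

```shell
#!/bin/sh
# Added illustration; these helper names are constructed, not GoboLinux functions.

# Classify the invocation from the effective uid ($1) and $SUDO_USER ($2).
# Prints one of: user, sudo, root.
invocation_mode() {
    if [ "$1" -ne 0 ]; then
        echo user
    elif [ -n "$2" ] && [ "$2" != root ]; then
        echo sudo
    else
        echo root
    fi
}

# True when a root process started via sudo still has HOME ($3) pointing at
# the invoking user's home ($4): anything it writes there ends up owned by
# uid 0. When sudo resets HOME to /root this returns false.
home_at_risk() {
    [ "$(invocation_mode "$1" "$2")" = sudo ] && [ "$3" = "$4" ]
}

# List entries under directory $1 that are not owned by uid $2. These are
# the leftovers that break a later run without sudo.
foreign_owned() {
    find "$1" ! -user "$2" -print 2>/dev/null
}

# Report for the current process. Optional argument: directory to scan
# (defaults to $HOME). Read-only, so it can be run as any user.
report() {
    mode=$(invocation_mode "$(id -u)" "${SUDO_USER:-}")
    owner=$(id -u "${SUDO_USER:-$(id -un)}")
    echo "mode=$mode HOME=$HOME expected-owner-uid=$owner"
    foreign_owned "${1:-$HOME}" "$owner"
}

# Run the report only when asked, e.g.: sh check.sh --report /home/alice
if [ "${1:-}" = "--report" ]; then
    report "${2:-}"
fi
```

Running it once as a regular user and once under `sudo` shows whether `HOME` is preserved on that machine and which files in the scanned directory already belong to another uid.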