begin quoting Gregory K. Ruiz-Ade as of Tue, May 13, 2008 at 11:11:38AM -0700: > On May 12, 2008, at 5:51 PM, Andrew Lentvorski wrote: > > >3) Root to install. If software requires root for no good reason, > >it goes into the trash. > > The only things that _need_ to be root to be installed tend to fall > into the following categories, in my experience: > > ? The install process _really_ wants to chown/chgrp/chmod everything > it's installing to some value that may or may not be necessary. For > some things, like network services which you are trying to keep > relatively self-contained for security reasons, can legitimately say > they require this, and generally only root can create a new "service" > user/group and chown the installed files.
This should be a warning, not an error worth aborting over. Tell me "You should not do this:" and give me a list of steps. Or even a list of commands to run when I get around to it. > This seems marginally okay to me, and I get supremely annoyed when it > doesn't really need to do that. Things I'll excuse for that behavior > are things like Postfix, which try very hard to keep to themselves > once installed and running. In theory, you can install postfix as > your own user account if you really want to, and it should work just > fine (aside from being able to open ports 25, 465 and 587 without root > capability). It's a grey area for me. I believe this was the reason that OpenOffice used to use to justify requiring administrator access. > ? You're installing something that needs to start as root in order to > claim a low port, but then drops privileges to a non-root user. > > In today's computing environment, This just seems outrageously stupid > to me. It's not like being root is some magical, bureaucratically- > approved status. Any idiot can have root on a machine thanks to > Linux, *BSD, Mac OS X, etc. There's just nothing special about low > ports anymore, if you ask me, so it seems kind of silly to still > require that a process be owned by root in order to snag a listening > port < 1024. This should be fixable with relative ease (Linux, *BSD), > but I've never looked into it. I think Peter da Silva's correct: http://groups.google.com/group/alt.folklore.computers/msg/aac01bd0f8e67f0e EVERYTHING in the system should be controlled with the filesystem. > ? You're installing something in a part of the filesystem hierarchy > where you, as a normal user, do not have sufficient write access to > copy the necessary files. This is really only a problem when you can't specify WHERE to install the program. Hard-coded installation paths are just wrong. > I'm not sure I see a way around this one, but if an installer assumes > that this is the case without testing first, I get really annoyed. Yes. > Better to just fail with a "You can't write to /path/to/foo, so I > can't install BarMatic for you there" message, IMHO. <voice character="Brain">Yes!</voice> > ? You're installing third-party kernel extensions > > This one really seems like the only one that should legitimately > demand to be root to do. It's something that affects the core of the > system, with great potential for screwing up badly. But there's no need for the *program* to check such things. -- I need to play around with fakeroot. Stewart Stremler -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
