On Fri, Jan 24, 2003, [EMAIL PROTECTED] wrote:

> While being a nice idea, I am not 100% convinced that introducing the
> three openpkg users gains much more than it costs.

Perhaps correct, but for some packages (e.g. Postfix) it was a hard
requirement to have those additional user/group ids. So the question was
not really about "gains" the question was how to balance security and
still the functionality of all packages running.

> While we are all aware of the fact that we gain not much security with the
> introduction of these extra users, we know that the extra protection from
> falsely interacting with the wrong rpm db can be achieved differently.

Be careful, we do not get "very much" of _additional_ security, but it
is nevertheless reasonable that packages like Postfix want to have them
for security reasons.

> Especially when using openpkg to employ daemons (like apache, postfix, ...)
> it starts to become an annoyance to have the special openpkg users.
> (Without root permissions it is difficult to give the directories correct
> ownership when installing an openpkg rpm.)

That's the reason why the _general_ rule in OpenPKG is: build as the
management user (%{l_musr}, in your case "cw") and install as the super
user (%{l_susr}, in usually all cases "root"). But this has nothing
to do with the extra restricted and nobody user/group ids. This is
just inherently necessary because daemons have setuid and other stuff
which just require super user privileges. So, sure, for things like
Postfix it is _always_ necessary to install as root to result in correct
ownerships, etc.

> I therefore would like to discuss if it is possible to drop the 3 openpkg
> users approach?

We can discuss the topic, but I personally do not see any chance that
we can really avoid them (because we have specifically introduced them with
OpenPKG 1.1 because they are required for security and functional
reasons).

So unless I overlook something important, I do not see how you want to
avoid them. What is your suggestion? If you do not have them, who is the
owner of the installation files? How do you want to deal with "nobody"
situations for daemons, i.e., under which uid are they running? How do
you want to ensure that multiple OpenPKG instances on the same machine
do not affect each other security-wise? How do you want to get beasts
like Postfix running at all (because it _insists_ on having at least
3(!) different user/group ids available)?

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com

______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
Developer Communication List                   [EMAIL PROTECTED]
