Stephen Quinney <[EMAIL PROTECTED]> a tapoté :
> On Mon, May 12, 2003 at 04:48:23PM +0200, Mathieu Roy wrote:
> > Stephen Quinney <[EMAIL PROTECTED]> a tapot? :
> >
> > > Package: pdbv
> > > Version: 2.0.3-2
> > > Severity: grave
> > > Justification: renders package unusable
> > >
> > > [details snipped]
> >
> > That's right.
> >
> > But it's does not really renders the package unusable. People just
> > have to run pdbv as root one time.
>
> OK, I can see that that would fix the problem. I initially presumed
> that running it as root would produce a directory that was owner/group
> root. On a slightly different note, upgrading pdbv on another box
> comes up with the slightly different permissions problem that the
> directory /var/www/pdbv is already owner/group root so user nobody has
> no rights to change the files.
Yes but each time pdbv is ran as root, it makes sure that files will
be given to "nobody".
>
> When I go to run pdbv as root I get a message:
>
> "Running pdbv as root jeopardizes your system security, you should not
> do that."
>
> As I do not want my system security to be jeopardized there is no way
> I'm going to want to run this as root even once is there?
Running pdbv as root is normally safe. Until the 2.0.3, it was the
default behavior.
But the fact is pdbv does not need to be root. And running a software
as root while it's not required should be avoided. Because it creates
unnecessary risks.
But fact is pdbv 2.0.3 need to be run one time as root to create the
/var/www/pdbv directory with appropriate ownership.
So you have to do it. It's already fixed in the 2.0.4, that will be
released soon.
If running pdbv as root was a crime, it would be forbidden :) It only
prints a warning, to incitate people to avoid getting wrong habits and
make sure they are running pdbv as root because they want to and not
because they did not think about it.
Regards,
--
Mathieu Roy
Homepage:
http://yeupou.coleumes.org
Not a native english speaker:
http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english
