[aur-general] Preferred way to create users/groups and handle files ownership

Thomas Bächler thomas at archlinux.org
Tue Feb 4 10:29:01 EST 2014


On 25.01.2014 17:13, Maxime Gauduin wrote:
> The reason why permissions should be set in the PKGBUILD is because that
> way pacman can track them. Then it's up to the maintainer to choose
> UIDs/GIDs that do not conflict with official packages, and to the user to
> check that they don't already use that particular UID/GID, before
> installing an AUR package.

This is not optimal, but there's a list of UIDs and GIDs:
https://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database

Beyond that, there are two comments I have:

1) Software shouldn't really rely on files being owned/writable by
certain users. An application is either a system service, which can
adjust the needed permissions at runtime before dropping privileges -
thus no need to hardcode uids or even user names. If the application is
a user application, then it writes with the user's permissions anyway.
If an admin wants a user application to run system-wide, it's his job to
set up user and working directory.

In short: apart from very few system-specific groups, the package
manager should not be involved here, and packages that need files owned
by special non-root users should be fixed.

2) *If* we really need specific UIDs, then pacman should gain a feature
where it translates ownership during package extraction.
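
Added example, not part of the original message and not code from pacman or any Arch package: a sketch in C of the pattern point 1 describes, where a service started as root resolves its account by name, takes ownership of its state directory, and then drops privileges, so no UID or GID is hardcoded in the package. The account name `exampled` and the path `/var/lib/exampled` are hypothetical, and the account is assumed to exist already.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Resolve the service account by name at runtime; no UID/GID is compiled in. */
int resolve_account(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL) return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Started as root: hand the state directory to the account, then drop for good. */
int prepare_and_drop(const char *name, const char *state_dir)
{
    uid_t uid; gid_t gid;
    if (geteuid() != 0) { errno = EPERM; return -1; }
    if (resolve_account(name, &uid, &gid) != 0) return -1;
    if (mkdir(state_dir, 0750) != 0 && errno != EEXIST) return -1;
    /* O_NOFOLLOW: refuse a symlink planted where the directory should be. */
    int fd = open(state_dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    int rc = (fchown(fd, uid, gid) != 0 || fchmod(fd, 0750) != 0) ? -1 : 0;
    close(fd);
    if (rc != 0) return -1;
    /* Order matters: supplementary groups, then GID, then UID last. */
    if (initgroups(name, gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* A successful setuid(0) now would mean the drop did not stick. */
    if (uid != 0 && setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(void)
{
    /* "exampled" and its directory are hypothetical names (assumptions). */
    if (prepare_and_drop("exampled", "/var/lib/exampled") != 0) {
        perror("prepare_and_drop");
        return 1;
    }
    return 0; /* the service's real work would start here, unprivileged */
}
```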

