Re: Gnome 2.2 with normal user - More info

From: Danilo Šegan <dsegan gmx net>
To: Core <core enodev com>
Cc: garnome-list gnome org
Subject: Re: Gnome 2.2 with normal user - More info
Date: Sat, 15 Feb 2003 08:26:55 +0100

Core wrote:

I agree with some points, but there's more than one way to do it.
Someone building garnome ought to also be able to edit one file, and run
it however they want.

I quite agree, but if someone building as root finishes up withinstallation in /root/garnome, it seems as if that someone was notactually able to "edit one file." I cannot see a reason to installGARNOME in this location, if not for allowing *only* root to use it.

On Fri, 2003-02-14 at 15:46, Danilo Šegan wrote:
Core wrote:
Maybe a note about umask should be in the FAQ. Just enough for newbies.
I don't think so. If one decides to build as root, (s)he is supposed tobe a "system administrator", and of course, quite familiar with theumask and everything else.
Those who build garnome are only necessarily /users/, not sysadmins. I
don't know about you, but my machine has many users, and I install
software. I also like to use my computer to teach and evangelize.

You install software, have a machine with many users, meaning, you are asysadmin. So, you know about umasks, and all the stuff you need. Usersshould build in their own home directories, and so be able to use it. Ifthey know at least a bit about permissions, they'll also make itpossible for other users on the same system to use the sameinstallation. If not, they should NOT build it in /root/garnome.

This way, you keep the traditional level of security ("traditional" in asense that noone is allowed to write, read or even cd to a root homedir, a protection you advised earlier to be shut off!), and get all thebenefits of multi-user install.
The same goes for all software. This is a great way to do things, if
you're a control freak. This way, you can say "You can run kde, but not
gnome". I really could give a shit.

It also allows for protecting the files of root, because even cding toroot directory is sometimes considered harmful.

And last, I believe FAQ says that you should *NOT* install the GARNOMEas root: if it's not there, then it should be updated.
I disagree, as long as things aren't suid. So long as you edit one line
in gar.conf.mk and umask 022 your fine. You really just should run gnome
as root. Not secure.

No, you misunderstood me. The FAQ should say that one ought to build asnon-root. Whoever is capable and willing, is by no chance obliged to doso. But, as you might have noticed, this list is full of problemsarising from building as root. If one at least temporarily made /optwriteable by some other user, he could achieve the same thing withoutreaching any problems.

Finally, GARNOME is officialy for testers (though it's listed ongnome.org/start/2.2 as one way to get a distribution). Maybe a change ofdirection is what you're asking for, and if that happens, it willprobably be more suited to system-wide installation.


Ok, lets get this discussion off the GARNOME list.

Best regards,
Danilo

References:
- Gnome 2.2 with normal user - More info
  - From: Tiago Cruz
- Re: Gnome 2.2 with normal user - More info
  - From: Daniel Serodio
- Re: Gnome 2.2 with normal user - More info
  - From: Core
- Re: Gnome 2.2 with normal user - More info
  - From: Core
- Re: Gnome 2.2 with normal user - More info
  - From: Danilo Šegan
- Re: Gnome 2.2 with normal user - More info
  - From: Core

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]