|
From: | Stuart Hughes |
Subject: | Re: [Ltib] How to use LTIB w/o root? |
Date: | Tue, 30 Jun 2009 10:53:30 +0100 |
User-agent: | Thunderbird 2.0.0.16 (X11/20080707) |
Hi Ryan, Ryan Nowakowski wrote:
On Tue, Jun 09, 2009 at 04:08:42PM +0100, Stuart Hughes wrote:Grant Edwards wrote:On Tue, Jun 09, 2009 at 09:05:26AM +0100, Stuart Hughes wrote:I need to correct a misunderstanding. LTIB needs you to setup sudo root access for rpm (to build an NFS mountable area with the devices, owners, permissions etc). However you are only ever running as root during the install phase of rpm building.Yes, I'm aware of that.Not only that, but there are many checks to make sure that ltib cannot write outside your project area. Does that reassure you or do you still have concerns?
[snip]
It's a compromise. On those system IIRC you can only build a RAMdisk/JFFS image and so you don't have to be root as genext2fs/mkfs.jffs2 doesn't need root access to make the image. The downside though is you can't incrementally deploy while NFS mounted, which I find a big productivity boost (./ltib -p strace for example).Maybe LTIB could be modified to run in 2 different modes. One mode that just produces the RAMdisk/JFFS image and doesn't require root access. The other mode runs as root to allow NFS deployment(the current mode).
That would be possible, but it's not a high priority (no problem has occurred and reasonable steps are taken). This would not be a small change as the interface area is still needed in order to build packages as you move up the package list.
Yes, xandros (eee pc) IIRC. Maybe Ubuntu (I can't recall). But in any case if you allow a user root access (even with a password) a simple slip at the command line will wipe out your disk.Note that on popular distros like Ubuntu a normal user is automatically enabled to run any command as 'sudo root' and that seems to be universally accepted.Without a password?Ubuntu by default allows normal users to have sudo access to everything but requires the user to type in their password when using sudo.
See the point below, having to type in your user password doesn't protect you from a slip on the command line:
2/ Accidental destruction, e.g. 'sudo rm -rf * /' (Iaccidentally hit a space),
Regards Stuart
[Prev in Thread] | Current Thread | [Next in Thread] |