著者: Edward Bartolo 日付: To: John Morris CC: dng 題目: Re: [DNG] Systemd Shims
Regarding getting rid of requiring sudo, I vaguely remember suids are
something that have to do with file permissions. Please, could you
instruct me what I should read? Removal of sudo dependency from the
entire project is a matter of editing 2 or 3 lines in the Lazarus GUI
project. The latter is responsible for calling the backend with root
privileges.
On 20/08/2015, Edward Bartolo <edbarx@???> wrote: > The time for repository upload is approaching...
>
> Since, I am only a humble amateur coder, I still have not figured out
> how to create a proper Debian source package. This means, I will have
> to create a tar.gz archive as follows:
>
> source-tarball.tar.gz
> |
> |-------cli-backend------------backend.c
> |
> |-------network-manager (lazarus project source files as created by
> Lazarus)
>
>
> However, I would like to learn to use the maintainer tools to avoid
> doing it manually. Ideally, dpkg-buildpackage should be able to build
> a .deb package out of the sources without any other intervention, but
> those are my current limits.
>
> Please be aware that no pre-installation and post-installation scripts
> will be included. If you want me to write those, it will be yet
> another challenge.
>
> Edward
>
> On 20/08/2015, John Morris <jmorris@???> wrote:
>> On Mon, 2015-08-17 at 06:48 +0100, Edward Bartolo wrote:
>>> The backends can be integrated into one single executable not to
>>> clutter the sudoers file and to increase system efficiency.
>>
>> One suggestion here. Forget sudo and just make the backend suid root
>> like other system utilities of this type. Just make darned sure there
>> is no way to feed it command line input that could allow a root exploit
>> of course. It can check whatever permissions like ownership of the
>> local console/display, membership in wheel, etc. are desired to restrict
>> usage to only some users itself. Maintaining rules in sudoers is less
>> packagable even now that there is a /etc/sudoers.d directory to dump
>> fragments into.
>>
>