Are there any security issues in doing something like this?
chown -R cam:users /var/lib/pacman
I've started doing a bit more work on my pacman desklet, which previously needed to be run as root (major issue IMO) to work due to file permissions. It uses libpypac; this is just for syncing with the online package database, equivalent to pacman -Sy.
I backed up the tree just in case and chowned the files to myself, and the desklet runs with no issue, so my question is: is this a problem? Can I leave it like this?
Thanks
That'd be fine, but any changes made by pacman are likely to be reverted back to root:root.
Preferably you would chown it root:pacman, and then chmod them all 775, so the group pacman has permissions.
Then add your user to the group 'pacman'.
Or, what would be the best way would be to add an /etc/sudoers line for pacman with visudo so your user doesn't need a password for pacman.
Only way to take advantage of that chown is to replace a 'files' from there with help of some exploit in an app run as user cam (or group users if they also have write permission) and hope that that package is uninstalled, deleting any files at choice.
So all in all, it's pretty safe.
I think iphitus's solution to add the user to the sudoers list for the pacman app only is the best solution..
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
I think iphitus's solution to add the user to the sudoers list for the pacman app only is the best solution..
How about the pacman group solution? I like the sound of it better but does anyone else see a potential problem with it?
other than pacman creating new files with different groups when it runs. You would have to modify the root user account to write all files with group pacman, which could indeed open up vulnerabilities. Either that or rerun the chown on a regular basis in the directory.
other than pacman creating new files with different groups when it runs. You would have to modify the root user account to write all files with group pacman, which could indeed open up vulnerabilities. Either that or rerun the chown on a regular basis in the directory.
I personally like the pacman group idea... maybe a feature request in the bug tracker would work..... have pacman set up to write as pacman.pacman ?
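The drift discussed in the thread (files falling back to other owners or groups after a root:pacman / 775 setup) can be detected instead of blindly re-running chown. The following is an added example, not code from any poster or from pacman: it lists entries under a database directory whose owner, group or mode departs from the intended layout. The function name `audit_db_perms` is hypothetical, and the `pacman` group is the one proposed in the thread, not something pacman creates.

```shell
#!/bin/sh
# Added example: report entries under a package-database directory whose
# ownership or mode has drifted from the intended layout.
# audit_db_perms is a hypothetical helper, not part of pacman.
#
# usage:   audit_db_perms DIR OWNER GROUP      (names or numeric IDs)
# example: audit_db_perms /var/lib/pacman root pacman
#
# Prints one line per finding, "<reason> <path>", where reason is one of
#   owner           entry is not owned by OWNER
#   group           entry does not belong to GROUP
#   world-writable  any user can modify the entry
#   group-readonly  GROUP has lost write access (mode is not 775/664-like)
# Returns 0 when the tree is clean, 1 when drift was found, 2 on bad input.
audit_db_perms() {
    dir=$1; owner=$2; group=$3
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # One find pass per reason so every finding is labelled.
    # Symlinks always show mode 777, so the mode checks skip them.
    report=$(
        {
            find "$dir" ! -user "$owner" \
                -exec printf 'owner %s\n' {} +
            find "$dir" ! -group "$group" \
                -exec printf 'group %s\n' {} +
            find "$dir" ! -type l -perm -002 \
                -exec printf 'world-writable %s\n' {} +
            find "$dir" ! -type l ! -perm -020 \
                -exec printf 'group-readonly %s\n' {} +
        } | sort
    )

    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}
```

Run from cron or after each pacman transaction, a non-zero exit status signals that the chown/chmod needs to be reapplied.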