Sudo even more secure
Jan Claeys
lists at janc.be
Fri Mar 24 16:05:29 GMT 2006
On Fri, 24-03-2006 at 01:23 +0100, Eric Feliksik wrote:
> Jan Claeys wrote:
> > I don't want everybody to be able to install (system-wide) packages, but
> > I want apt to (be able to) run as non-root...
> >
> > Why doesn't/can't apt & co. run as (e.g.) a user "apt" to install
> > packages that aren't core system packages?
>
> The point is, as Dennis says, 'core system' is not really defined.

Well, I meant "those packages that are essential to be able to boot your
system".

> Then still, you probably wonder why games can't be installed as user.

I know very well why that doesn't work by default on (most) current
linux-based systems.

> Well, they can, if you download & compile them, but then you should manually
> tell the configure-script where to install and where to find its
> dependencies (libraries).
> You *could* implement this for apt, so you can tell apt to install
> program A in your home-dir, but then it should check if A's dependencies
> A_dep1 and A_dep2 are there in the root-dirs (/usr/lib etc), and if not,
> it should install them in your homedir too. Even more, that means A
> should be linked to A_dep1 and A_dep2 differently, which makes things
> more complex. This also fills your homedir quite quickly.
> Nobody is willing to maintain such a situation, because you either make
> sure you're root, and install things with the beautiful existing apt, or
> you just download the source and run `./configure --lots-of-options &&
> make && make install'.

Again: I do *not* propose a system for allowing every user to install
programs. A "solution" for that "problem" can be found in e.g. the
'Klik' system[1].

What I propose is that apt & dpkg shouldn't have to run as root to
install normal applications. I propose that it runs as a *less*
privileged user to minimise the damage it can do.

[1] <http://klik.atekon.de/ubuntu.php>

--
Jan Claeys