[Bug 176253] Review Request: clement-2.1

bugzilla at redhat.com bugzilla at redhat.com
Mon Aug 14 12:52:54 UTC 2006


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: clement-2.1


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176253





------- Additional Comments From j.w.r.degoede at hhs.nl  2006-08-14 08:43 EST -------
(In reply to comment #18)
> Seems I do not explain myself right...
> %{_usr}/bin/%{name} MUST be owned by 'somebody' else than root for clement to
> know, once started, under which ID it must run (the application looks at
> the file ownership and says 'ok, let's seteuid to this'). If the application
> is not setuid, the only other way is to hard-code the effective uid; this is
> not good from my standpoint. I chose 'mail' because this ID is used by
> related applications. I want to give the local sysadmin the possibility to
> change this on the fly.
> 
I understand.

> useradd and groupadd clement were part of the original implementation but
> were removed to comply with rpmlint.
> If rpmlint is a reference tool for 'the right way to do something', warnings
> can't be ignored. IMHO rpmlint warnings are 'you are doing something which can
> work but is against the established standard'.

No, an rpmlint warning means you should not be doing this unless you've got a good
reason, and in this case we have a good reason, so using useradd and groupadd is ok.

(In reply to comment #19)
> > I chose 'mail' because this ID is used by related application.
> 
> This asks for a very close look. Either it is a necessity, by design,
> that the program must run as "mail". Or it is a fault, and it runs with
> a shared uid/gid it should not have access to.
> 

If I understand jmp correctly, it's the latter (a fault). jmp, if you think it is
better to have it run as clement, feel free to add the user. In exceptional
cases (which daemons always are) you can ignore the relevant rpmlint warnings;
that's why they are warnings. rpmlint deliberately has 2 levels of complaining,
warn and error, and these are only warnings.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
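
The ownership-based scheme discussed in this comment, as an added example that is not part of the original thread and not clement's own code: the daemon takes its run-as identity from the owner of its installed binary and refuses a root-owned or widely writable file. Assumptions: the daemon is started by root, the binary is not setuid, the function names are hypothetical, `/usr/bin/clement` is the expansion of the spec macros, and a permanent `setuid()` drop is used instead of the `seteuid()` mentioned above.

```c
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Take the run-as identity from the owner of the installed binary.
 * Returns 0 on success, -1 if the file is not a safe source of identity. */
int ids_from_binary(const char *path, uid_t *uid, gid_t *gid)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    if (st.st_uid == 0)                    /* root-owned: no service account was chosen */
        return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH))  /* someone other than the owner could rewrite it */
        return -1;
    *uid = st.st_uid;
    *gid = st.st_gid;
    return 0;
}

/* Permanently drop from root to uid/gid; returns 0 only once the drop is verified. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || geteuid() != 0)
        return -1;
    if (setgroups(0, NULL) != 0)           /* clear root's supplementary groups */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)   /* group first, while still root */
        return -1;
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return -1;                         /* root must not be recoverable */
    return 0;
}

int main(int argc, char **argv)
{
    uid_t uid;
    gid_t gid;
    const char *self = argc > 1 ? argv[1] : "/usr/bin/clement";  /* assumed install path */
    if (ids_from_binary(self, &uid, &gid) != 0 || drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "refusing to run: cannot drop privileges\n");
        return EXIT_FAILURE;
    }
    printf("running as uid=%ld gid=%ld\n", (long)uid, (long)gid);
    return EXIT_SUCCESS;
}
```

With this layout a local sysadmin changes the service account with `chown` on the binary, and a dedicated `clement` user keeps the daemon out of files owned by the shared `mail` uid.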



