[scponly] New scponly Snapshot Release

Kaleb Pederson kaleb.pederson at gmail.com
Sat Nov 20 19:54:42 EST 2010 

I don't see scponly as useful without running as root for a number of reasons:

* In order for a user-install to be useful, the user would also need to have access to a ssh daemon running on some port over 1024. This seems fairly unlikely.
* In order for the scponly shell to be owned and controlled by a regular user, it would require that /etc/shells contain the correct path to the scponly shell, and this is not a user-editable file.

That said, although the application may be built by a regular user as provided, I don't really see any substantial benefit to making it possible to do an install as a regular user.

Unless I hear from many people indicating they really need to do a full install as non-root, I'm going to leave the install as-is as it's been tried, tested, and is known to work.

-- 
Kaleb Pederson

Blog - http://kalebpederson.com
Twitter - http://twitter.com/kalebpederson

On Saturday, November 20, 2010 03:08:16 pm Frank Fegert wrote:
> > > On Saturday, November 20, 2010 08:49:28 am Sven Hoexter wrote:
> > Oh wait, I somehow assumed that this problem is part of a spec file shipped
> > with scponly but now, actually looking at it, I think I've been wrong with
> > that assumption. So IMHO this shouldn't be tackled in scponly but fixed
> > somehow in the spec file/rpm build enviroment used. Maybe patch out the
> > failling chown call and then somehow explain rpmbuild that this file should be
> > installed with root:root ownership. Or avoid the install part altogether and
> > manualy include the files in the package. I'm pretty sure that's possible via
> > the %files, %attr directives and friends.
> 
> Yes of course, permissions and ownership can be fixed within the
> spec file with the %defattr/%attr directives and the "-o 0 -g 0"
> part can be patched out of the Makefile before installing. What
> i was merely trying to ask is if it's really necessary to run the
> install command with user/group in the first place? As far as i
> can see there are three cases here:
>  1) You run the build/install process as root, in which case every-
>     thing should be fine even without the "-o 0 -g 0", since the
>     newly created files will have uid=0/gid=0.
>  2) You run the build/install process as non-root (RPM build env
>     or not doesn't matter). The install with "-o 0 -g 0" will fail
>     anyhow.
>  3) You run build as non-root and install as root. The install with
>     "-o 0 -g 0" will be actually useful.
> 
> Is case number three really that common? If it's causing too much
> of a headache, then don't worry about it. I'll simply patch the
> Makefile.in during the RPM build process.
> 
> Best regards,
> 
>     Frank
> 
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
>

More information about the scponly mailing list