[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-maemo
Subject: Re: Kontact Touch running on Harmattan
From: Laszlo Papp <lpapp () kde ! org>
Date: 2011-10-25 8:23:46
Message-ID: CAOMwXhPem3wk-T6LaTPXF01bPus-tb-V9uxBNOVsV5rYtgtOTg () mail ! gmail ! com
[Download RAW message or body]
> I think this is acceptable on a typical "single user" device.
I think it is a security principle violation, and it is more like just
a workaround. I am not sure it will pass the OVI QA process, but
certainly not recommended.
I am trying to give you an example how to do it properly:
debian/yourpackage.aegis:
<aegis>
<request>
<credential name="UID::A"/>
<credential name="GID::B"/>
<for path="/usr/bin/helloworld"/>
<for path="/usr/sbin/foobar>
</request>
</aegis>
A: The user of the relevant file or/and directory you wanted to modify by chown
B: The group of the relevant file or/and directory you wanted to modify by chown
You can get those user and group by using "ls -lda"-like commands.
/usr/bin/helloworld: The process one which would like to have the
relevant access to the desired file or/and directory
/usr/sbin/foobar: Another process which would like to thave the
relevant access to the desired file or/and directory
Note that you request the credential for the process which needs to
have the accesses and not the output file.
If it is for maintainer scripts, it is better to use this:
<request context="INSTALL">
...
</request>
In order to understand the logic: your process will run with the
relevant user/group privileges, and you do not need to use chown
because of this logic.
Hope it helps. I am all for help, just ask if something is not clear. :)
Best Regards,
Laszlo Papp
_______________________________________________
Kde-mobile mailing list
Kde-mobile@kde.org
https://mail.kde.org/mailman/listinfo/kde-mobile
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic