Mailinglist Archive: zypp-devel (116 mails)
| < Previous | Next > |
Re: [zypp-devel] ZYpp lock - where don't we want it?
- From: Jan Kupec <jkupec@xxxxxxx>
- Date: Thu, 14 Jun 2007 12:51:19 +0200
- Message-id: <46711DA7.3040103@xxxxxxx>
Stanislav Visnovsky wrote:
> Dňa Ut 12. Jún 2007 16:38 Jan Kupec napísal:
>> Where we don't want a zypp lock? Where we need read access only in
>> general. In particular:
>>
>> - listing known repositories
>> - search (all kinds - listing available updates falls into this
>> category)
>> - other queries like zypper info, zypper patch-info, etc
>> - (other cases?)
>> This list also applies to read access for non-root users. That means
>> /etc/zypp/repo.d/* and /var/lib/cache/zypp.db must be readable by
>> non-roots. (I can't think of more.)
>
> /etc/zypp/repo.d/* contains passwords, so we can either store passwords
> elsewhere or disallow access to that directory for non-root.
Please let's decide this now as this affects zypper (it does not affect
yast, since it requires root anyway). The options:
1. we will always require root for 10.3
2. make /etc/zypp/repos.d world-readable and solve the passwords issue
later
3. make /etc/zypp/repos.d world-readable and store passwrods in
a separate file accessible by root only
(e.g. /etc/zypp/repos.d/passwd)
jano
--
To unsubscribe, e-mail: zypp-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-devel+help@xxxxxxxxxxxx
> Dňa Ut 12. Jún 2007 16:38 Jan Kupec napísal:
>> Where we don't want a zypp lock? Where we need read access only in
>> general. In particular:
>>
>> - listing known repositories
>> - search (all kinds - listing available updates falls into this
>> category)
>> - other queries like zypper info, zypper patch-info, etc
>> - (other cases?)
>> This list also applies to read access for non-root users. That means
>> /etc/zypp/repo.d/* and /var/lib/cache/zypp.db must be readable by
>> non-roots. (I can't think of more.)
>
> /etc/zypp/repo.d/* contains passwords, so we can either store passwords
> elsewhere or disallow access to that directory for non-root.
Please let's decide this now as this affects zypper (it does not affect
yast, since it requires root anyway). The options:
1. we will always require root for 10.3
2. make /etc/zypp/repos.d world-readable and solve the passwords issue
later
3. make /etc/zypp/repos.d world-readable and store passwrods in
a separate file accessible by root only
(e.g. /etc/zypp/repos.d/passwd)
jano
--
To unsubscribe, e-mail: zypp-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-devel+help@xxxxxxxxxxxx
| < Previous | Next > |