Mailinglist Archive: zypp-devel (116 mails)
| < Previous | Next > |
Re: [zypp-devel] ZYpp lock - where don't we want it?
- From: Stanislav Visnovsky <visnov@xxxxxxx>
- Date: Thu, 14 Jun 2007 13:00:13 +0200
- Message-id: <200706141300.13818.visnov@xxxxxxx>
Dňa Št 14. Jún 2007 12:51 Jan Kupec napísal:
> Stanislav Visnovsky wrote:
> > Dňa Ut 12. Jún 2007 16:38 Jan Kupec napísal:
> >> Where we don't want a zypp lock? Where we need read access only in
> >> general. In particular:
> >>
> >> - listing known repositories
> >> - search (all kinds - listing available updates falls into this
> >> category)
> >> - other queries like zypper info, zypper patch-info, etc
> >> - (other cases?)
> >>
> >> This list also applies to read access for non-root users. That means
> >> /etc/zypp/repo.d/* and /var/lib/cache/zypp.db must be readable by
> >> non-roots. (I can't think of more.)
> >
> > /etc/zypp/repo.d/* contains passwords, so we can either store passwords
> > elsewhere or disallow access to that directory for non-root.
>
> Please let's decide this now as this affects zypper (it does not affect
> yast, since it requires root anyway). The options:
>
> 1. we will always require root for 10.3
> 2. make /etc/zypp/repos.d world-readable and solve the passwords issue
> later
> 3. make /etc/zypp/repos.d world-readable and store passwrods in
> a separate file accessible by root only
> (e.g. /etc/zypp/repos.d/passwd)
Option 3) sounds good to me.
Stano
--
To unsubscribe, e-mail: zypp-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-devel+help@xxxxxxxxxxxx
> Stanislav Visnovsky wrote:
> > Dňa Ut 12. Jún 2007 16:38 Jan Kupec napísal:
> >> Where we don't want a zypp lock? Where we need read access only in
> >> general. In particular:
> >>
> >> - listing known repositories
> >> - search (all kinds - listing available updates falls into this
> >> category)
> >> - other queries like zypper info, zypper patch-info, etc
> >> - (other cases?)
> >>
> >> This list also applies to read access for non-root users. That means
> >> /etc/zypp/repo.d/* and /var/lib/cache/zypp.db must be readable by
> >> non-roots. (I can't think of more.)
> >
> > /etc/zypp/repo.d/* contains passwords, so we can either store passwords
> > elsewhere or disallow access to that directory for non-root.
>
> Please let's decide this now as this affects zypper (it does not affect
> yast, since it requires root anyway). The options:
>
> 1. we will always require root for 10.3
> 2. make /etc/zypp/repos.d world-readable and solve the passwords issue
> later
> 3. make /etc/zypp/repos.d world-readable and store passwrods in
> a separate file accessible by root only
> (e.g. /etc/zypp/repos.d/passwd)
Option 3) sounds good to me.
Stano
--
To unsubscribe, e-mail: zypp-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-devel+help@xxxxxxxxxxxx
| < Previous | Next > |