
Author Topic: [SOLVED] build script root ownership question  (Read 8619 times)

gutmensch
Re: build script root ownership question
« Reply #15 on: March 07, 2013, 06:55:13 AM »
Simple set of rules:

1. All files root:root, 644 for files, 755 for executables, 755 for directories
2. Special settings depending on the software, e.g. setuid, setgid for Xorg, read/write-only for root in /etc/private or /var/..., special user like postfix or mysql, etc., within the extension or set up with the tce.installed/* script while booting.
3. [/usr/local]/etc/init.d/xyz scripts are usually system services and not user based services, so the simple set here is: check for root user, if not, just fail.
4. Tiny Core special settings, e.g. root:staff for /usr/local/tce.installed and 775

Optional:
5. If the app/service can be run as a normal user (not as root!), make sure your init, start or extension scripts are able to handle this. For example, query the $TCUSER variable and set the permissions accordingly when installing the extension. Or reconfigure the software so that it defaults to user-writeable directories like $HOME, /tmp, etc.

@cups example: Since the service is run as root either way, the init script should also fail when not run as root, which is the easiest solution. Check out the checkroot() helper function in /etc/init.d/tc-functions, for example. Try to use sudo in scripts as little as possible.
If I seem unduly clear to you, you must have misunderstood what I said. (Alan Greenspan)
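
Added example (not part of the thread and not Tiny Core project code): a shell check that applies rule 1 from the reply above to an unpacked extension tree, lists setuid/setgid entries for manual review under rule 2, and skips usr/local/tce.installed (rule 4). The function name audit_tree and its output format are made up for this example; it assumes a stat that supports -c (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# audit_tree PATH [UID:GID]
# Prints "<KIND> <mode> <uid:gid> <path>" for every file or directory that
# departs from rule 1 (root:root, 644/755 for files, 755 for directories).
#   OWNER   - not owned by the expected numeric uid:gid (default 0:0)
#   MODE    - mode is not one of the allowed values
#   SPECIAL - setuid/setgid/sticky bit set; rule 2 case, review by hand
# usr/local/tce.installed (rule 4: root:staff, 775) is skipped, not judged.
audit_tree() {
    tree=$1
    want=${2:-0:0}                      # 0:0 is root:root
    find "$tree" -path '*/usr/local/tce.installed' -prune -o \
        \( -type f -o -type d \) -print |
    while IFS= read -r p; do
        st=$(stat -c '%a %u:%g' "$p") || continue
        mode=${st% *}
        owner=${st#* }
        [ "$owner" = "$want" ] || echo "OWNER $mode $owner $p"
        case $mode in
            ????*) echo "SPECIAL $mode $owner $p"; continue ;;
        esac
        if [ -d "$p" ]; then
            [ "$mode" = 755 ] || echo "MODE $mode $owner $p"
        else
            case $mode in
                644|755) ;;
                *) echo "MODE $mode $owner $p" ;;
            esac
        fi
    done
}

# Run directly as: sh audit.sh /path/to/unpacked-extension
if [ $# -gt 0 ]; then
    audit_tree "$@"
fi
```

No output means the tree follows rule 1; SPECIAL lines are not errors by themselves, only entries that need a reason.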

aus9

  • Guest
Re: build script root ownership question
« Reply #16 on: March 07, 2013, 07:24:22 AM »
Thank you all for replying, especially gutmensch.

For those who are using some of my tczs, a number of them will need fixing.

I apologise for the time it will cause to be wasted for my fav tcz checker and users who wonder why they might see an update in the weeks ahead.

Thread marked as solved.