Subject: Re: build.sh and -U confusion
To: Greg Troxel <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 08/15/2005 20:52:00
In message <firstname.lastname@example.org>, Greg Troxel writes:
>"Steven M. Bellovin" <email@example.com> writes:
>> Hmm -- if you're running as non-root, create the metalog; when
>> installing, use the metalog if it exists. -U will create the metalog
>> even if running as root.
>I'm not sure, but I think it's critical to avoid a mixed
>metalog/non-metalog. But perhaps with that situation install will use
>uids/mode from the file if no metalog entry, and from metalog if
>an entry exists, so perhaps that's ok, just icky.
My general principle here is to avoid violating the rule of least
surprise. The current scheme does cause problems that way; we've seen
many mailing list messages that boil down to someone forgetting -U
either on compilation or installation. That scheme violates another
rule: the same information has to be specified twice. From the latter
point, I conclude that specifying it at compile time -- and thus
creating the metalog -- is a sufficient signal for the installation
However, I take it a step further. If you compile as non-root, you
*can't* create a proper tree; you have to have metalog. In other
words, building as non-root is itself a signal; in that case, why have
-U at all? But that compilation-time decision *must* create the flag
for installation time.
I don't see how this scheme can result in a mixed metalog/non-metalog
situation. If anything, it helps avoid it.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb