Subject: RE: #define name for non-root pkg_install tools
To: 'Todd Vierling' <firstname.lastname@example.org>
From: Mark Funkenhauser <email@example.com>
Date: 05/10/2004 11:37:47
> -----Original Message-----
> From: tech-pkg-owner@NetBSD.org
> [mailto:tech-pkg-owner@NetBSD.org] On Behalf Of Todd Vierling
> Sent: Wednesday, May 05, 2004 1:37 PM
> To: Mark Funkenhauser
> Cc: firstname.lastname@example.org
> Subject: Re: #define name for non-root pkg_install tools
> On Wed, 28 Apr 2004, Mark Funkenhauser wrote:
> : With Interix, there are potentially two different Administrator user
> : accounts:
> : localSystem+Administrator and PrincipalDomain+Administrator
> : (uid = 197108 and uid = 1049594 respectively)
> Right. 1049594, however, is not treated specially by pkgsrc.
> Is a domain Administrator automatically a member of the local
> group (131616)? If so, pkgsrc should be happy as-is; it is
> using the gid
> (as of now, numerically) for most privilege check uses.
When your machine becomes part of a Windows domain, then the
domain\Administrators group becomes part of the local Administrators
And the domain Administrator is normally a member of the
> : I guess it depends if any of the pkg_* tools assume that the current
> : user is privileged.
> At the moment, pkg_* in pkgsrc does not do the permissions
> check on Interix at all.
That's not what I was getting at.
It's a question of what operations the pkg_* tools perform
and what privileges these ops require in order to be successful.
If any of these operations require a particular privilege,
then it may be reasonable to check that the current user has these
privileges first - rather than erroring out with permission or access
in the middle of a critical operation.