>>>>> "BLH" == "Brian L Heess <- home" <DMbong@krumm.commline.com>> writes:
BLH> It seems to work (though I have REALLY tried them other than running
BLH> them and getting the debug info stuff.
Cool. If you got that far it should work, because mj_shell will croak in
the first 15 lines if the UID and GID aren't right. Unfortunately I think
I'm going to have to disable configedit if you're running under the
wrapper, because I need to be able to drop permissions to make it work.
Else you give anyone a free shell running as the Majordomo user. Too bad;
configedit is better than sliced bread (IMHO, of course).
If you can do the make postinstall thing and properly install the global
configuration and the response files without errors (and they end up with
the proper permissions) then I'd say it works as well as the non-wrapped
method.
BLH> I built a Makefile and a single source file, together they build 4
BLH> wrappers and have some instructions, and can set the perms.
Great. Looking at this, here's my revised plan:
* During the perl Makefile.PL phase, ask the user if they want the wrapper.
If so, generate and build the four wrapper executables.
* During the postinstall phase, do the switcheroo with the scripts and the
wrapper behind everyone's back. I don't want to actually build the
wrapper here because we're root, but I can't check the setuid thingy
until now. So if I even check at all, it will only to see if the user
needs to be told to start over building the wrappers this time.
Note that folks will get to use the wrappers even if they don't need them.
BLH> You all can check them out and let me know if it works, and I'll add
BLH> your platform to the list...
I'd appreciate knowing whether or not this works on HP-UX, which is the
other problem platform.
- J<
Follow-Ups:
References:
|
|
