From owner-freebsd-bugs  Thu May  4 12:39:50 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194])
	by hub.freebsd.org (Postfix) with ESMTP id 9007E37C1A2
	for <freebsd-bugs@freebsd.org>; Thu,  4 May 2000 12:39:43 -0700 (PDT)
	(envelope-from nbm@sunesi.net)
Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1)
	id 12nRT7-0006OS-00; Thu, 04 May 2000 21:39:29 +0200
Date: Thu, 4 May 2000 21:39:29 +0200
From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: Jin Guojun <jin@george.lbl.gov>
Cc: n_hibma@calcaphon.com, freebsd-bugs@FreeBSD.ORG
Subject: Re: bin/18373: pkg_delete shouldn't insist on root
Message-ID: <20000504213929.D23799@mithrandr.moria.org>
References: <200005041936.MAA09285@george.lbl.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <200005041936.MAA09285@george.lbl.gov>; from jin@george.lbl.gov on Thu, May 04, 2000 at 12:36:48PM -0700
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu 2000-05-04 (12:36), Jin Guojun wrote:
> > No, it doesn't.  You should read the pkg_delete man page, and look at
> > the PKG_DBDIR environment variable, and the fact pkg_delete isn't
> > setuid.  It isn't a security concern.  It doesn't let users do anything
> > more than they usually can.  It just lets them use a tool to ease
> > automation of what they'd have to do themselves.
> > 
> > Neil
> > -- 
> 
> ll /var/db
> total 6
> drwxr-xr-x   3 root    wheel   512 Apr 21 10:23 ./
> drwxr-xr-x  18 root    wheel   512 Apr 18 02:31 ../
> -rw-rw-r--   1 nobody  wheel     0 Apr 18 04:16 locate.database
> -rw-r--r--   1 root    wheel     0 Apr 21 12:00 mountdtab
> drwxr-xr-x  47 root    wheel  1536 Apr 21 18:38 pkg/
> -rw-r--r--   1 root    wheel     9 Apr 18 04:12 port.mkversion
> -rw-r--r--   1 root    wheel   256 May  4 08:05 statd.status
> 
> If a user wants to do pkg_delete without root privilege, the /var/db/pkg
> has to be world rw-able, then every one can adding/removing stuff from
> /var/db/pkg directory. This situation is not acceptable.

Kindly do as I suggested.  Read the man page.  Look at the PKG_DBDIR
environment variable.  If you don't like man pages, read the source.
Read _something_, before commenting.

Ok, I'm going to give it away.  Unless PKG_DBDIR is set, '/var/db/pkg'
is the default location.  _If_ it is set, it uses PKG_DBDIR instead of
'/var/db/pkg'.

Neil
-- 
Neil Blakey-Milner
Hacker In Chief, Sunesi Clinical Systems
nbm@mithrandr.moria.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message