|
From: | Yaron Sheffer |
Subject: | Re: [coreutils] [patch] Re: Install enhancement request: capabilities |
Date: | Sun, 07 Nov 2010 15:57:22 +0200 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Lightning/1.0b2 Thunderbird/3.1.6 |
Hi Jim, Pádraig,I still don't see the logic of not including capabilities in the "install" feature set. We could use chmod and chown separately, too. But still, setting owner/group and mode are a core functionality of this utility. Similarly, if we think that POSIX capabilities are important (see e.g. http://fedoraproject.org/wiki/Features/RemoveSETUID), we should make their use as easy and natural as possible. For me that means at the minimum support in install, tar (and derived packaging tools) and possibly ls.
Thanks, Yaron On 11/04/2010 03:22 PM, Jim Meyering wrote:
Yaron Sheffer wrote:it's somewhat cleaner to have all the security-critical settings in one place: owner, group, permissions, capabilities (and grep for "-P" or "--capabilities"...). Plus you can rely on "install" to always be there, which I don't think is true for "setcap".Thanks for the patch. However, since that's the only benefit I see (setcap may not be installed), I'm 60:40 against. If you find some other install program with this feature, that would strengthen the case for adding the option here.
[Prev in Thread] | Current Thread | [Next in Thread] |