test platform for installing apps with elevated privs
Posted: Sat Jun 19, 2010 5:39 pm
for those who have not followed this closely, some new code opens up apache to running parts of install scripts with elevated privileges.
thanks to Jeanou (aka SolaR__) it does so in a way that does not open massive apache issues!
this rpm adds a script called: hda-add-
http://bit.ly/aWgyM4
in short, once this is applied to an hda, app install and uninstall scripts, as well as other things (like daemons or cronjobs) that run as the apache user (in fedora and www-somthing in ubuntu) can run code with elevated privileges! only code in
/var/hda/webapps/*/elevated/
and
/var/hda/apps/*/elevated/
can run as sudo. eg. an installer would do:
(cd elevated; sudo ./my-elevated-script)
this lets us review which parts are being run elevated, which is important to maintain the chain of trust that the users deposit on us when they install amahi!
thanks jeanou!
thanks to Jeanou (aka SolaR__) it does so in a way that does not open massive apache issues!
this rpm adds a script called: hda-add-
http://bit.ly/aWgyM4
in short, once this is applied to an hda, app install and uninstall scripts, as well as other things (like daemons or cronjobs) that run as the apache user (in fedora and www-somthing in ubuntu) can run code with elevated privileges! only code in
/var/hda/webapps/*/elevated/
and
/var/hda/apps/*/elevated/
can run as sudo. eg. an installer would do:
(cd elevated; sudo ./my-elevated-script)
this lets us review which parts are being run elevated, which is important to maintain the chain of trust that the users deposit on us when they install amahi!
thanks jeanou!