[Pkg-shadow-devel] --root option in upstream shadow

Nicolas François nicolas.francois at centraliens.net
Sat Oct 22 11:54:12 UTC 2011


Hello,

I'm the upstream maintainer of the shadow utilities.

I was informed of the OpenEmbedded's add_root_cmd_options patch and would
like to integrate it upstream.

First of all, thanks a lot for implementing this feature. I was asked
multiple times for it or something similar, but never found time to work
on it.

I did not review it completely yet, but would have a question.
What is the expected behavior when the utility authenticates the caller?
 1] authenticate the caller in the caller's chroot
 2] authenticate the caller in the target's chroot
 3] both

I currently think that 3] would be the right behavior: the caller needs to
be authenticated to make sure it is allowed to use the tool, then it
should be authenticated on the target to make sure the operation is
allowed.
...But this is much more complex.

If this is fine for you, I would prefer to disable this feature when the
utility is setuid and not executed by root.

Best Regards,
-- 
Nekral



More information about the Pkg-shadow-devel mailing list