synaptic-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Synaptic-devel] synaptic locking out password

From: Eric Duveau
Subject: Re: [Synaptic-devel] synaptic locking out password
Date: Thu, 26 Mar 2009 12:56:34 +0100
Thank for this detailed explainations:

The solution I am looking is simple and easy to implement.
In the meantime I will use sudo on selfmade scripts like:

to install a package:

sudo aptgetintall

cat  aptgetintall
#/bin/bash
apt-get install $1

to upgrade

sudo aptgetupgrade

cat aptgetupgrade
#/bin/bash
apt-get upgrade

User will be able to install and upgrade

sudo -l
aptgetintall, aptgetupgrade


On Wed, Mar 25, 2009 at 10:46 PM, Vít Pelčák <address@hidden> wrote:
2009/3/25 Eric Duveau <address@hidden>:
> I thought it was easier to lock removal ou reinstallation of a package.
>
> I do not understand why the use of metapackage would protect the removal of
> some dependant packages.

No, those packages wouldn't depend on metapackage. That metapackage
would depend on them. Then you could simply block that single
metapackage and as it would be impossible to remove it, so would be
impossible to remove packages which this metapackage depends on.

Also, another option is to try to play with SELinux or Apparmor. There
you could block root access to specific files. So even when your son
would have ran Synaptic with root permissions, he wouldn't be able to
touch specific files.

Another option is to make files you don't want to have deleted to set
as read only. This is done by "sudo chmod -w file". But you will have
problems to update them. To be able to update them simply run "sudo
chmod +w file"

But instead of using -x and +w it is better to learn about permissions
and set access rights better by setting permissions by numbers to be
able to set permissions more exactly. By simple using +w you can give
write permissions to more users you probably want to.

Decision is up to you.

> My knowledge is not so deep, sorry for these simple questions.

Ah. Then you'll most probably wont be able to do that metapackage anyway.

>
> On Tue, Mar 24, 2009 at 7:58 PM, Vít Pelčák <address@hidden> wrote:
>>
>> As I said. Do metapackage which depends on packages you need
>> installed, install it, remove those files.
>>
>> Package can be reinstalled, but not that metapackage, because you can hide
>> it.
>>
>> 2009/3/24 Eric Duveau <address@hidden>:
>> > Hi,
>> >
>> > moving its files from /var/log/info is an interesting idea.
>> >
>> > Yet, I see a pb:
>> >
>> > With synaptic you can reinstall the package
>> >
>> >
>> > On Tue, Mar 24, 2009 at 2:35 PM, Vít Pelčák <address@hidden> wrote:
>> >>
>> >> What about making virtual package, which would depend on packages you
>> >> need to have installed and lock this.
>> >>
>> >> Maybe, it can be rendered non-uninstallable by moving its files from
>> >> /var/log/info (or where are preinst postinst .... files stored).
>> >>
>> >
>> >
>>
>>
>>
>> --
>> Vit Pelcak
>
>



--
Vit Pelcak

reply via email to
[Prev in Thread] Current Thread [Next in Thread]