[WBEL-devel] Re: Ah-Ha! (was: /bin/su and /usr/bin/su)

Charles Lacour clacour@clacour.com
Tue, 9 Dec 2003 04:00:33 -0600 

On Tuesday 09 December 2003 02:15, Paul Iadonisi wrote:
> On Tue, 2003-12-09 at 01:13, John Morris wrote:
>
> [snip]
>
> > Unless someone else looks into the matter and has an "Ah-Ha!" moment I'm
> > going to do my usual response to such matters.  Whack it with a big
> > stick, as in patch the .spec thus:
>
> [snip]
>
> > It will work, but doesn't explain WHY it went wrong in the first place.
>
>   Got it!  Build the package as a non-root user.  There's this little
> snippet of code in the src/Makefile:
>
> ===
>         can_create_suid_root_executable=no; \
>         chown root $$TMPFILE > /dev/null 2>&1 \
>           && chmod $(setuid_root_mode) $$TMPFILE > /dev/null 2>&1 \
>           && can_create_suid_root_executable=yes; \
>         rm -f $$TMPFILE; \
>         if test $$can_create_suid_root_executable = yes; then \
>           $(INSTALL_SU); \
>         else \
>           echo "WARNING: insufficient access; not installing su"; \
>           echo "NOTE: to install su, run 'make install-root' as root"; \
>         fi
> ===
>
>   Actually, *all* packages should be built as non-root.  I believe
> that's the way Red Hat builds them internally.  In fact, it was the
> reason for the introduction of the %dev keyword: so that you could build
> rpms requiring device files without needing to be root.
>   No guarantee that all packages will be buildable as non-root, but I
> know for a fact that it is a principle that Red Hat tries to adhere to.
> I haven't checked the Fedora Project rpm building guidelines at all, but
> I think I do remember some discussion of it on one of the lists and
> there was some comment that in order for packages to be accepted by Red
> Hat, they *must* be buildable as non-root.
>   Who knows, it might even solve some of the other unexplained problems.


I'm very glad you found that, because I probably never would have. I'm running 
this stuff on my main system, which means I care about what playing around 
with all this stuff might do to my system. I was being very, very careful NOT 
to run any of it as root. 

I read your post in the middle of my first successful compile. (I don't really 
understand the rpmbuild process yet, and copied over /var/lib/rpm/* to my 
working directory so it would quit gritching at me about 18,000 missing 
packages.)

If you hadn't posted when you did, I would have gone slightly nuts trying to 
figure out why mine worked fine, and John's didn't.

Good eye!