[Hackage] #611: protect users from themselves when they use sudo
inappropriately
Hackage
trac at galois.com
Thu Nov 26 19:20:43 EST 2009
#611: protect users from themselves when they use sudo inappropriately
----------------------------+-----------------------------------------------
Reporter: duncan | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Cabal library | Version:
Severity: normal | Keywords:
Difficulty: unknown | Ghcversion:
Platform: |
----------------------------+-----------------------------------------------
Users sometimes get themselves into trouble with sudo. For example:
{{{
sudo cabal install blah
}}}
or
{{{
sudo cabal update
}}}
In both cases, the user is doing actions as root that modify their normal-
user files.
In the first case it will install a package into ~/.cabal/ but of course
all the files owned by root, so the user cannot delete them again later.
In the second case cabal will as root update the per-user package index.
This will make further updates not as root fail, and worse because of a
file permissions bug, the index will not be readable as their normal user.
The aim would be to protect users from themselves and tell them when
they're doing something that's almost certainly wrong. We could suggest
alternatives, like don't use sudo if you wanted to do a per-user install,
or use sudo and --global if you did.
The tricky bit is making a suitably accurate test and making it possible
to do the silly thing, if that's what the user really really wanted.
--
Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/611>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects
More information about the cabal-devel
mailing list