[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: removing the 'make install'-->'make all' dependency

From: Nicola Pero
Subject: Re: removing the 'make install'-->'make all' dependency
Date: Tue, 10 Dec 2002 16:40:53 +0000 (GMT)

> > Hi.
> > 
> > I'm considering removing the dependency of 'make install' from 'make all'.
> [... snip ...]
> But you still have all the overhead of having to run su and make twice.
> In my setup, I have a group of "trusted" users who can install stuff
> (except where it'd affect root), so I only have to run "make install" as
> myself to compile and install everything. Keeping root out of the build
> process seems like a Good Thing, anyway (especially when hacking
> makefiles; safer to catch "mishaps" as a normal user :).

Thanks for your comments :-)

I think a good balance would be to remove the 'install-->all' dependency
by default, and then add a special option (controlled by an environment
variable) which would automatically activate the additional
'install-->all' dependency again.  It's trivial to build the option into

Something like setting GNUSTEP_INSTALL_DEPENDS_ON_ALL=yes in the
environment (or in a makefile) would automatically turn on the 'install::
all' dependency, while the default behaviour would be without this
dependency.  Advanced users with advanced user/group/directory ownerships
setups can then set GNUSTEP_INSTALL_DEPENDS_ON_ALL=yes in their .bashrc
(or whatever they use) if they so wish.

Normal users would go on with a 'simplified' (as compared to now) building
system where 'make' and 'make install' are completely separate stages
(which reflect the way they think and do it in practice).  The normal user

 - compiles by typing 'make' as a standard user;

 - installs by typing 'make install' as the superuser (or as a standard
user if you are installing into GNUSTEP_USER_ROOT).

That is the standard way of using a makefile in the unix world, and it's
the pattern all newcomers (and I believe most normal users) use.

Btw, I would recommend following this pattern anyway unless you are really
sure of what you are doing ('you' in general terms, I expect Alexander and
Richard to quite well know what they are doing :-) ), because security can
be seriously compromised if normal users can write to directories (such as
GNUSTEP_NETWORK_ROOT) which end up being in the PATH or LD_LIBRARY_PATH of
the superuser, and often people are not really enough aware of this bit,
or do not take this seriously enough.

I understand there might be a lot of good reasons to have more 'advanced'
setups and usage patterns with users and groups and directory ownerships,
so I'm happy to add an option to provide a different behaviour for
advanced users.  It shouldn't be a particular problem for advanced users
who set up custom users and groups and special ownership policies to set a
humble environment variable. :-)

Let me know if someone is still unhappy with this solution.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]