[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnumed-devel] OS-dependencies for successful bootstrapping of GNUme
Re: [Gnumed-devel] OS-dependencies for successful bootstrapping of GNUmed
Thu, 21 Nov 2013 23:17:41 +0100
On Thu, Nov 21, 2013 at 07:28:37PM +0000, Jim Busser wrote:
> During the bootstrap process, do the following fully enough describe what is
> at the OS file system level:
> - execute permission on the bootstrap scripts
> - read permission on bootstrap conf and data files
> - write permission for logging
> at the PostgreSQL level
> - read / write access to the gnumed databases
> - read access to files at the OS file system level
The latter is not needed.
> Now it appears that (at least on Mac OS, for a regular user who is not
> restricted) my regular user account has
> rwx permissions on all .sh (and some .py) in
> rw permissions on all the rest
> making my question what, if anything, in the above requires root or even
> root-like (sudo) access?
The bootstrapping shell script wrappers want to be root in
order to conveniently become postgres (in order to run
certain commands against PostgreSQL).
The python bootstrapper needs to run as root (or postgres)
because it needs to access PostgreSQL as postgres. That way
no PostgreSQL level password is needed for bootstrapping.
> For example, if the shell script was
> executed (initiated) by the regular system user, and
> if within the script there exists a 'su' to postgres, does a
> problem arise at the point of the 'su' to system account user
> 'postgres' on account of limitation of its file privileges to
> postgres-related directories and maybe /tmp
No. The problem will arise when the python bootstrapper
script runs -- unless the regular system user is set up
to be able to access PostgreSQL as required by PostgreSQL.
> Is that the problem that will prevent a successful
> bootstrap via sudo on every *nix and not just Mac OS?
There certainly isn't a problem which "will prevent a
successful bootstrap via sudo on every *nix". I am doing
that several times a day.
> If a limitation of sudo 'su' gets solved by initiating the
> bootstrap script *as* root, why must root 'own' the bootstrap
> files (say by untarring as root instead of executing files
> untarred by the regular user)?
It must not. I am running bootstrap several times a day
for the last, what, twenty years ? as a regular user
GPG key ID E4071346 @ gpg-keyserver.de
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346