Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Why does informant need sudo? #28

Closed
TeFiLeDo opened this issue Oct 29, 2020 · 2 comments
Closed

Why does informant need sudo? #28

TeFiLeDo opened this issue Oct 29, 2020 · 2 comments

Comments

@TeFiLeDo
Copy link

TeFiLeDo commented Oct 29, 2020

I was wondering if there is a specific reason why informant requires root privileges or membership in the informant group.

AFAIK that command doesn't do any changes to the system. And since the displayed news are publicly available on the arch website, this seems like an odd choice to me.

If this is meant to protect admins against users maliciously reading the news (something I never thought I'd write 😅), wouldn't it be more desirable to keep the data in the users home directory (like PR #17 suggests)?

@bradford-smith94
Copy link
Owner

There's already some discussion of this in #2, but basically I've kept the save information in /var because of the pacman hook.

When the hook executes it does so with privileges (either sudo or root depending on how pacman is called) and it needs access to the save file. While there are ways to get the sudo user and access their home folder I'm not sure how I feel about a privileged process changing data in the users home directory. But using the group or sudo access feels like a cleaner solution to me.

@TeFiLeDo
Copy link
Author

TeFiLeDo commented Nov 3, 2020

Thank you for your quick reply.

While I personally wouldn't really be against a privileged process reading from and writing to a file inside my home directory (so long as my user is the files owner and can modify/delete it), I do agree with the argument about users logging in as root you made in the linked issue.

@TeFiLeDo TeFiLeDo closed this as completed Nov 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants