[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: how to prevent root from doing rpmbuild



I am not sure if it is possible.
I was thinking I could do something like edit the %prep so that it will
exit if uid = 0 , and then copy the new edited macro into /etc/rpm/macro

I can't seem to find where the %prep macro is, or even if this is a good
idea, does anyone have any comments.


On Thu, 6 Feb 2003, Panu Matilainen wrote:

> On Wed, 5 Feb 2003, Matthias Saou wrote:
>
> > Panu Matilainen <pmatilai@welho.com> wrote :
> >
> > > On Wed, 5 Feb 2003, Robin Mordasiewicz wrote:
> > >
> > > > What is the best way to limit who can rebuild src rpms.
> > > > I do not want root to ever rebuild rpm packages.
> > >
> > > A "me too" for that! How about a default build policy, similar in spirit
> > > to "unpackaged files terminate build" which makes rpmbuild refuse to run
> > > as root unless you override it in ~/.rpmmacros or command line?
> >
> > I would go for the "dummy proof" trivial version :-)
> >
> > Just stick something like this in your /etc/bashrc :
> > if [ `id -u` -eq 0 ]; then
> > 	alias rpmbuild='echo Sorry but root should not rebuild'
> > fi
> >
> > Then :
> >
> > $ rpmbuild foo
> > error: failed to stat /home/dude/foo: No such file or directory
> >
> > # rpmbuild foo
> > Sorry but root should not rebuild foo
> >
> > But for myself, I don't really see the point since I'm the only root on my
> > systems ;-) But on systems where there are multiple root accounts and some
> > could be tempted of rebuilding a source package as root just to go
> > quicker... then, maybe.
>
> The big difference here is that you happen to know how to create quality
> packages, build them as root or not :)
>
> After seeing various "creative" %install sections, like doing
> "mv /usr/lib/libxx* $RPM_BUILD_ROOT/usr/lib/" (I am not kidding!) I'd
> really rather see building rpm's as root banned completely...
>
>

-- 
Robin Mordasiewicz
416-207-7012
UNIX Administrator
Primus Canada






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []