[csw-maintainers] (now about sudo)
Maciej (Matchek) Blizinski
maciej at opencsw.org
Fri Dec 4 12:37:47 CET 2009
On Mon, Nov 30, 2009 at 6:01 PM, Philip Brown <phil at bolthole.com> wrote:
> Maciej, I apologise if you feel "disgruntled" in any way... While I
> understand it might be frustrating to redo work, I thought we had
> actually found the best way to move forward.
>
> To resummarize (and recap a bit for the wider audience):
> The core issue is that we have 3 packages:
>
> CSWsudo - "minimal" sudo (aka "normal" sudo that most people want)
> CSWsudoldap - LDAP enabled sudo
> CSWsudo-common - common files.
>
>
> The first two packages provide either a "sudo_minimal" or "sudo_ldap" binary.
> The issue revolves around how/what creates /opt/csw/bin/sudo.
>
> we need to be able to have all installed, and not cause conflicts.
> We also need to have "sudo" behave as desired by the site admins.
>
> After discussing various options, I think that the solution that
> addresses all of Maciej's concerns, is to have CSWsudo also create a
> symlink of /opt/csw/bin/sudo ->sudo_minimal in a postinstall script,
> If and only If /opt/csw/bin/sudo does not already exist.
>
> I suggested that on nov 18th, and did not see any objection, or any
> reply at all, after that.
> I presumed that meant he was working on the update. But now I guess not...?
Sorry for my last grumpy e-mail, I was just frustrated and angry. I
started to reply to the last sudo-related e-mail and realized that we
have to start from the very beginning, i.e.: what is CSWsudo_ldap for,
and how is it supposed to be used. I guess that there's just no other
way, so let's go ahead and do it.
My best guess about CSWsudo and CSWsudo_ldap is that CSWsudo is a an
alternative version of sudo, created so that CSWsudo would not be
dependent on the ldap packages, and users would not be forced to
install ldap just to have simple sudo.
The obvious way of doing it would be to have CSWsudo and CSWsudo_ldap
mutually incompatible: user installs one or the other. There's no
gain in installing both, as sudo_ldap pulls ldap packages, so all the
benefit of CSWsudo (without the dependency) is lost.
The current way sudo is packaged is probably a work in progress which
become stuck at some point. I don't see any sense of CSWsudo_common
installing a dangling symlink from /opt/csw/bin/sudo to
/opt/csw/bin/sudo.minimal.
I agree that if CSWsudo installed the symlink if it wasn't already
there would fix the discussed failure mode. However, it strikes me as
an attempt do deal with this one failure mode without looking at the
bigger picture, or perhaps Phil and I have different bigger pictures.
If I wanted to switch between ldap-enabled and minimal sudo, I would
expect the following to work:
pkgrm CSWsudo_ldap
pkg-get -i CSWsudo
or
pkgrm CSWsudo
pkg-get -i CSWsudo_ldap
Anything else is in my opinion unintuitive.
If we wanted a solution with both binaries installed at the same time
(assuming there's a benefit there), we would need a mechanism for
switching the alternatives. I'll be happy to discuss that, and deploy
a thought-through solution. I don't want to start messing with
symlinks with no design in place.
Maciej
More information about the maintainers
mailing list