Re: [Fwd: [Fwd: [sudo-users] Config sudo for installation]]


 



FuziOK wrote:
> 
> I think it's not a good idea to use sudo to run 'make install'.
> If you write a Makefile like this:
> 
> install:
> 	rm -rf /
> 
> then
> 	%install	localhost=/usr/bin/make install
> is equal to
> 	%install	localhost=/bin/rm -rf /
> in /etc/sudoers.
> 
This is one reason to limit it to a small group or a single user.
You have to limit access to users that you would otherwise trust
with the root password. You have to use caution when installing new
software, regardless of how you install it. You can do the same type
of damage with scripts in an RPM. Remember, there can be install
scripts, remove scripts, and update scripts, and these do not show
up in the list of files provided by the RPM.

An even bigger risk is that you might be installing a suid program
that could be used to crack the system. This applies to both
installing an RPM and installing with make install.

When you are talking about using "sudo make install" as a
replacement for becoming root and running "make install", I don't
see the difference in risk. I do see it as somewhat less risky than
changing to root for the entire build process. This is especially
true when you also limit it to users logged in locally. That means
the user is not only trusted, but probably has physical access to
the machine. (He could be logged in from a serial terminal.)

It would be safer to build and test the package on a test machine,
or in a virtual machine, package it up after it passes testing, and
then install it...

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
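
Added example, not part of the original message: a pre-install check for the suid risk raised above, which inspects a staged install tree for setuid/setgid files before anything is installed as root. It assumes the package's Makefile honours DESTDIR; the function names, the stage path and the allowlist file are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Stage the install as an ordinary
# user, then audit the staged tree before packaging or installing it:
#   make DESTDIR="$PWD/stage" install     # no sudo; assumes DESTDIR support
#   sh audit_stage.sh "$PWD/stage" allow.txt

# list_privileged DIR
# Print every regular file under DIR that has the setuid or setgid bit
# set, one path per line, relative to DIR and sorted.
list_privileged() {
    ( cd "$1" && find . -type f \( -perm -4000 -o -perm -2000 \) -print | sort )
}

# audit_stage DIR [ALLOWLIST]
# Return 0 when every setuid/setgid file in the stage is named in
# ALLOWLIST (one relative path per line, e.g. ./usr/bin/helper).
# Return 1 and report the unexpected files otherwise.
# Return 2 when DIR is missing, so a bad path cannot pass as "clean".
audit_stage() {
    if [ ! -d "$1" ]; then
        echo "audit_stage: no such staging directory: $1" >&2
        return 2
    fi
    as_allow=${2:-/dev/null}
    # grep -v drops allowlisted paths; -x and -F require exact whole-line
    # matches so a short allowlist entry cannot cover a longer path.
    as_found=$(list_privileged "$1" | grep -vxF -f "$as_allow" || true)
    if [ -n "$as_found" ]; then
        echo "unexpected setuid/setgid files in $1:" >&2
        printf '%s\n' "$as_found" >&2
        return 1
    fi
    return 0
}

# Run the audit when the script is invoked with arguments.
[ $# -eq 0 ] || audit_stage "$@"
```

The audit covers only the files the install would place; commands in the install target itself are not examined by it.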
