[tahoe-dev] Warning or error when running Tahoe as root
markus reichelt
ml at mareichelt.com
Thu Aug 2 18:39:58 UTC 2012

* David-Sarah Hopwood <david-sarah at jacaranda.org> wrote:

> There's an argument for saying that this shouldn't just be a
> warning; it should be an error, because running as root once may
> already do things that need to be undone (e.g. creating files
> owned by root, as in the case that motivated the ticket).

Maybe I missed it but which install type was it all about? A
system-wide install or a mere user-install?

I feel like I'm pondering about something very obvious regarding the
OP's problems when it comes to things going not as planned because of
wrong permissions (even if you create a filesystem as root, you still
have to tune permissions in order for lesser beings to access it).

A line like this, placed somewhere strategically in the quickstart
document, would have some merit for the folks testing Tahoe (on a
glacier but somehow misplaced their winter walking boots):

All Things Tahoe Are Best Served From A Single User.

(or somesuch wording that reflects its meaning)

If I decide to run Tahoe in a VM as a user with high access
privileges, that's completely my responsibility. (In my
understanding, root is among such users, obviously).

However, printing a warning about running a network service as root
is a good idea anyway (Tor's arm does it) and last I checked there
wasn't a single network service out there recommending being run as
root. Surely this is documented somewhere, sysadmin best practices,
whatever :)

> If we made it an error then we could add an --allow-root option to
> suppress it; is that necessary, or overcomplicated?

If you make it an error, please add the Han Solo switch ("I know."),
and include it in the error message.

(I happen to maintain a mere SQRT(universe) environment.)

Oh and how do you plan on checking whether Tahoe is actually running
as root? I wouldn't just parse for root but actually check group
id/groups as well.

PS: Yes, I have to admit I tried to avoid touching the topic of
Tahoe-LAFS being a filesystem.

" Scotty, now would be a good fsck-time.... "

--
left blank, right bald
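
The check asked about above, as an added example that is not part of the original message and is not Tahoe-LAFS code. It assumes a Unix host; `--allow-root` is the option name proposed in the quoted text, while `classify`, `startup_check` and the program name `node` are hypothetical. Treating gid 0 membership as a warning and uid 0 as an error is an assumption of this example.

```python
import argparse
import os
import sys


def classify(uid, euid, gid, egid, groups):
    """Return 'root', 'root-group' or 'user' for a set of POSIX ids."""
    # Real uid 0 counts too: seteuid(0) is still permitted in that case.
    if euid == 0 or uid == 0:
        return "root"
    # gid 0 grants no superuser rights by itself, so it is reported
    # separately and only produces a warning below.
    if 0 in (gid, egid) or 0 in groups:
        return "root-group"
    return "user"


def current_identity():
    """Collect the ids of this process (Unix only)."""
    return (os.getuid(), os.geteuid(), os.getgid(), os.getegid(),
            os.getgroups())


def startup_check(argv, identity):
    """Return (exit_code, message); a nonzero code means refuse to start."""
    parser = argparse.ArgumentParser(prog="node")  # hypothetical name
    parser.add_argument("--allow-root", action="store_true")
    args, _unparsed = parser.parse_known_args(argv)
    kind = classify(*identity)
    if kind == "user":
        return 0, ""
    if kind == "root-group":
        return 0, "warning: process belongs to gid 0"
    if args.allow_root:
        return 0, "warning: running as root because --allow-root was given"
    # The override is named in the error text, as requested in the message.
    return 1, ("error: refusing to run as root; "
               "pass --allow-root if this is intended")


if __name__ == "__main__":
    code, message = startup_check(sys.argv[1:], current_identity())
    if message:
        sys.stderr.write(message + "\n")
    sys.exit(code)
```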