42
edits
Changes
From Amahi Wiki
Creation of page "Elevated privileges".
Elevated privileges can be used during app install to:
* Edit files not located in your app directory
* Create directories and files not in your app directory (i.e. /usr/share/...)
* Start or stop services
* Execute system tools (i.e. mount)
'''NOTE'''
Use this with extreme caution! Elevated privileges have the potential to break a system!
==Usage==
A lot of applications expect before, during or after installation certain files to be in specific locations (i.e. configuration files). Because Amahi is aimed to use "One-click installation" of apps as user <small>apache</small>, these specific locations raise some problems.
For these problems an app packager can use "Elevated privileges".
During installation it's only allowed to execute a script that is located in a directory called <small>elevated</small> which holds the commands that need to be executed with elevated privileges.
'''Example'''
<small>
mkdir elevated
cd elevated
cat > my-elevated-script << 'EOF'
some
commands which need
elevated privileges
EOF
chmod +x my-elevated-script
</small>
Elevated privileges are obtained by using the <small>sudo</small>-command.
<small>
sudo ./my-elevated-script
</small>
After everything is installed and configured correctly, make sure to remove the <small>elevated</small> directory!
<small>
rm -rf elevated
</small>
==Testing==
It is highly recommended you test your script before adding it to an application install for Amahi.
To test your script, create it in <small>/tmp/</small> and run the script as the <small>root</small>-user.
'''NOTE'''
Be very careful before you execute a script as the <small>root</small>-user because if something goes wrong, your system can be wrecked.
==Things to consider==
* Use this functionality as little as possible. Multiple scripts are as many times more prone to bugs.
* The directory where the <small>apache</small>-user has elevated privileges (<small>elevated</small>) poses a potential security risk. Be '''very''' sure to remove the directory after the application is installed.
* Applications can be installed by a lot of users. When using the "Elevated privilege"-functionality be '''very''' careful!
* Check, double check, triple check your script(s)!
* Edit files not located in your app directory
* Create directories and files not in your app directory (i.e. /usr/share/...)
* Start or stop services
* Execute system tools (i.e. mount)
'''NOTE'''
Use this with extreme caution! Elevated privileges have the potential to break a system!
==Usage==
A lot of applications expect before, during or after installation certain files to be in specific locations (i.e. configuration files). Because Amahi is aimed to use "One-click installation" of apps as user <small>apache</small>, these specific locations raise some problems.
For these problems an app packager can use "Elevated privileges".
During installation it's only allowed to execute a script that is located in a directory called <small>elevated</small> which holds the commands that need to be executed with elevated privileges.
'''Example'''
<small>
mkdir elevated
cd elevated
cat > my-elevated-script << 'EOF'
some
commands which need
elevated privileges
EOF
chmod +x my-elevated-script
</small>
Elevated privileges are obtained by using the <small>sudo</small>-command.
<small>
sudo ./my-elevated-script
</small>
After everything is installed and configured correctly, make sure to remove the <small>elevated</small> directory!
<small>
rm -rf elevated
</small>
==Testing==
It is highly recommended you test your script before adding it to an application install for Amahi.
To test your script, create it in <small>/tmp/</small> and run the script as the <small>root</small>-user.
'''NOTE'''
Be very careful before you execute a script as the <small>root</small>-user because if something goes wrong, your system can be wrecked.
==Things to consider==
* Use this functionality as little as possible. Multiple scripts are as many times more prone to bugs.
* The directory where the <small>apache</small>-user has elevated privileges (<small>elevated</small>) poses a potential security risk. Be '''very''' sure to remove the directory after the application is installed.
* Applications can be installed by a lot of users. When using the "Elevated privilege"-functionality be '''very''' careful!
* Check, double check, triple check your script(s)!
