Difference between revisions of "Elevated privileges"
(Creation of page "Elevated privileges".) |
(No difference)
|
Revision as of 09:12, 21 June 2010
Elevated privileges can be used during app install to:
- Edit files not located in your app directory
- Create directories and files not in your app directory (i.e. /usr/share/...)
- Start or stop services
- Execute system tools (i.e. mount)
NOTE Use this with extreme caution! Elevated privileges have the potential to break a system!
Usage
A lot of applications expect before, during or after installation certain files to be in specific locations (i.e. configuration files). Because Amahi is aimed to use "One-click installation" of apps as user apache, these specific locations raise some problems.
For these problems an app packager can use "Elevated privileges".
During installation it's only allowed to execute a script that is located in a directory called elevated which holds the commands that need to be executed with elevated privileges.
Example
mkdir elevated cd elevated cat > my-elevated-script << 'EOF' some commands which need elevated privileges EOF chmod +x my-elevated-script
Elevated privileges are obtained by using the sudo-command.
sudo ./my-elevated-script
After everything is installed and configured correctly, make sure to remove the elevated directory!
rm -rf elevated
Testing
It is highly recommended you test your script before adding it to an application install for Amahi.
To test your script, create it in /tmp/ and run the script as the root-user.
NOTE Be very careful before you execute a script as the root-user because if something goes wrong, your system can be wrecked.
Things to consider
- Use this functionality as little as possible. Multiple scripts are as many times more prone to bugs.
- The directory where the apache-user has elevated privileges (elevated) poses a potential security risk. Be very sure to remove the directory after the application is installed.
- Applications can be installed by a lot of users. When using the "Elevated privilege"-functionality be very careful!
- Check, double check, triple check your script(s)!