Difference between revisions of "Elevated privileges"
(Creation of page "Elevated privileges".) |
m (Fixed code to delete the elevated directory to include the necessary cd) |
||
| Line 39: | Line 39: | ||
<small> | <small> | ||
| + | cd .. | ||
rm -rf elevated | rm -rf elevated | ||
</small> | </small> | ||
Latest revision as of 03:16, 29 August 2012
Elevated privileges can be used during app install to:
- Edit files not located in your app directory
- Create directories and files not in your app directory (i.e. /usr/share/...)
- Start or stop services
- Execute system tools (i.e. mount)
NOTE Use this with extreme caution! Elevated privileges have the potential to break a system!
Usage
A lot of applications expect before, during or after installation certain files to be in specific locations (i.e. configuration files). Because Amahi is aimed to use "One-click installation" of apps as user apache, these specific locations raise some problems.
For these problems an app packager can use "Elevated privileges".
During installation it's only allowed to execute a script that is located in a directory called elevated which holds the commands that need to be executed with elevated privileges.
Example
mkdir elevated
cd elevated
cat > my-elevated-script << 'EOF'
some
commands which need
elevated privileges
EOF
chmod +x my-elevated-script
Elevated privileges are obtained by using the sudo-command.
sudo ./my-elevated-script
After everything is installed and configured correctly, make sure to remove the elevated directory!
cd ..
rm -rf elevated
Testing
It is highly recommended you test your script before adding it to an application install for Amahi.
To test your script, create it in /tmp/ and run the script as the root-user.
NOTE Be very careful before you execute a script as the root-user because if something goes wrong, your system can be wrecked.
Things to consider
- Use this functionality as little as possible. Multiple scripts are as many times more prone to bugs.
- The directory where the apache-user has elevated privileges (elevated) poses a potential security risk. Be very sure to remove the directory after the application is installed.
- Applications can be installed by a lot of users. When using the "Elevated privilege"-functionality be very careful!
- Check, double check, triple check your script(s)!
