Changes

From Amahi Wiki
Jump to: navigation, search
2,295 bytes added ,  09:12, 21 June 2010
Creation of page "Elevated privileges".
Elevated privileges can be used during app install to:

* Edit files not located in your app directory
* Create directories and files not in your app directory (i.e. /usr/share/...)
* Start or stop services
* Execute system tools (i.e. mount)

'''NOTE'''
Use this with extreme caution! Elevated privileges have the potential to break a system!

==Usage==

A lot of applications expect before, during or after installation certain files to be in specific locations (i.e. configuration files). Because Amahi is aimed to use "One-click installation" of apps as user <small>apache</small>, these specific locations raise some problems.

For these problems an app packager can use "Elevated privileges".

During installation it's only allowed to execute a script that is located in a directory called <small>elevated</small> which holds the commands that need to be executed with elevated privileges.

'''Example'''

<small>
mkdir elevated
cd elevated
cat > my-elevated-script << 'EOF'
some
commands which need
elevated privileges
EOF
chmod +x my-elevated-script
</small>

Elevated privileges are obtained by using the <small>sudo</small>-command.

<small>
sudo ./my-elevated-script
</small>

After everything is installed and configured correctly, make sure to remove the <small>elevated</small> directory!

<small>
rm -rf elevated
</small>

==Testing==

It is highly recommended you test your script before adding it to an application install for Amahi.

To test your script, create it in <small>/tmp/</small> and run the script as the <small>root</small>-user.

'''NOTE'''
Be very careful before you execute a script as the <small>root</small>-user because if something goes wrong, your system can be wrecked.

==Things to consider==

* Use this functionality as little as possible. Multiple scripts are as many times more prone to bugs.

* The directory where the <small>apache</small>-user has elevated privileges (<small>elevated</small>) poses a potential security risk. Be '''very''' sure to remove the directory after the application is installed.

* Applications can be installed by a lot of users. When using the "Elevated privilege"-functionality be '''very''' careful!

* Check, double check, triple check your script(s)!
42

edits