Elevated privileges

From Amahi Wiki
Revision as of 09:12, 21 June 2010 by SolaR (talk | contribs) (Creation of page "Elevated privileges".)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Elevated privileges can be used during app install to:

  • Edit files not located in your app directory
  • Create directories and files not in your app directory (i.e. /usr/share/...)
  • Start or stop services
  • Execute system tools (i.e. mount)

NOTE Use this with extreme caution! Elevated privileges have the potential to break a system!

Usage

A lot of applications expect before, during or after installation certain files to be in specific locations (i.e. configuration files). Because Amahi is aimed to use "One-click installation" of apps as user apache, these specific locations raise some problems.

For these problems an app packager can use "Elevated privileges".

During installation it's only allowed to execute a script that is located in a directory called elevated which holds the commands that need to be executed with elevated privileges.

Example

    mkdir elevated
    cd elevated
    cat > my-elevated-script << 'EOF'
         some
         commands which need
         elevated privileges
    EOF
    chmod +x my-elevated-script

Elevated privileges are obtained by using the sudo-command.

    sudo ./my-elevated-script

After everything is installed and configured correctly, make sure to remove the elevated directory!

    rm -rf elevated

Testing

It is highly recommended you test your script before adding it to an application install for Amahi.

To test your script, create it in /tmp/ and run the script as the root-user.

NOTE Be very careful before you execute a script as the root-user because if something goes wrong, your system can be wrecked.

Things to consider

  • Use this functionality as little as possible. Multiple scripts are as many times more prone to bugs.
  • The directory where the apache-user has elevated privileges (elevated) poses a potential security risk. Be very sure to remove the directory after the application is installed.
  • Applications can be installed by a lot of users. When using the "Elevated privilege"-functionality be very careful!
  • Check, double check, triple check your script(s)!