Kontact Touch running on Harmattan

Laszlo Papp lpapp at kde.org
Tue Oct 25 08:23:46 UTC 2011


> I think this is acceptable on a typical "single user" device.

I think it is a security principle violation, and it is more like just
a workaround. I am not sure it will pass the OVI QA process, but
certainly not recommended.

I am trying to give you an example how to do it properly:

debian/yourpackage.aegis:

<aegis>
  <request>
    <credential name="UID::A"/>
    <credential name="GID::B"/>
    <for path="/usr/bin/helloworld"/>
    <for path="/usr/sbin/foobar>
  </request>
</aegis>

A: The user of the relevant file or/and directory you wanted to modify by chown
B: The group of the relevant file or/and directory you wanted to modify by chown

You can get those user and group by using "ls -lda"-like commands.

/usr/bin/helloworld: The process one which would like to have the
relevant access to the desired file or/and directory
/usr/sbin/foobar: Another process which would like to thave the
relevant access to the desired file or/and directory

Note that you request the credential for the process which needs to
have the accesses and not the output file.

If it is for maintainer scripts, it is better to use this:
<request context="INSTALL">
...
</request>

In order to understand the logic: your process will run with the
relevant user/group privileges, and you do not need to use chown
because of this logic.

Hope it helps. I am all for help, just ask if something is not clear. :)

Best Regards,
Laszlo Papp


More information about the Kde-mobile mailing list