On Thu, 2009-05-28 at 18:47 +0200, ludovic coues wrote: > That > > 2009/5/28, Jan Spakula <jan.spakula@xxxxxxx>: > > Excerpts from ludovic coues's message of Do Mai 28 17:09:52 +0200 2009: > >> A solution in pacman, getting rid of user adding in .install script, > >> can allow security like asking user to confirm creation of group and > >> user. > >> > >> This would be a secure way of doing thing, and users/admin would be > >> aware of new user/group. > > > > I don't get how is adding/removing users/groups from pacman directly safer > > then > > doing the same from the install script. > > > > How about just *informing* the user what's happening in the install script? > > Then there would be no 'unexpected behavior'. > > > > That's what I want to when I suggest to confirm the creation. > And pacman can have some internal security that can be by-pass if some > PKGBUILD field are used. > For example, pacman could have a database with which app have add > which user, and will not remove a user which is needed by an app when > another app want remove it on uninstall. Packages shouldn't share user accounts usually, and in case they do, they should be in the filesystem package. As for (re)starting daemons: don't. It's up to the user to do that. Usually these things need configuration, it's a no-go to add them to rc.conf by default.
