On Tue, 2004-04-06 at 18:46, Alan Cox wrote:
>
> Maybe there is an argument for a /usr/local/ with default labels that
> prohibit privileged roles using the contents and which doesn't require
> total superuser rights to write into.
>
> That also solves
> - The 10,000 private installations of epic problem
> - The cross platform problem
> - Non-exec /home
>
> Alan

My dad (long time university programmer at Cal) is a strong believer that

only operating system vendor supplied packages go into /usr/{bin,lib,include}
Packaged third party vendor stuff goes in /opt with symlinks to the binaries in /usr/local/bin
Stuff compiled from source goes in /usr/local.

That's his way.

Something like that would make a lot of sense here. Not necessarily /opt with symlinks - but something like that, that (at the sysadmin's discretion) could be written to by anyone in the group admin or staff or whatever - perhaps with sticky bits to prevent someone from overwriting someone else's stuff.

Maybe require that they be installed by RPM (or whatever the distro uses). They could still be handled by rpm but not require root to install the rpm - keeping a separate rpm database.

Only OS vendor stuff has a prefix of /usr
Third party stuff has a prefix of /usr/contrib

/usr/contrib/lib
/usr/contrib/include
/usr/contrib/etc
/usr/contrib/bin

only package manager stuff goes in /usr/contrib - stuff compiled from source still goes in /usr/local

Separate rpm database for /usr/contrib - it can check the system rpm database to make sure dependencies are satisfied, but stuff in its database cannot be used to satisfy the system rpm's dependencies, so that if there is a problem with tainted binaries in /usr/contrib - /usr/contrib can be unmounted or denied execution without breaking the stuff in /usr

I wouldn't want to use /opt for this because the /opt standard is /opt/vendor/product - and that either requires symlinks into /usr/local or horribly long paths.

/usr/contrib (or /contrib - I don't care) should be unmountable without resulting in broken symlinks in /usr/local. But I think /usr/local is for stuff compiled from source.

-=-

Note to Alan Cox - thanks for your work on m68k Linux. That was my second Linux distribution (Debian slink on an SE/30 with a 100 MB hard drive and 20 MB of RAM - definitely no X11) - my first being MKLinux DR3. Your name was all over the release notes for that port ... ;)

--
Cheap Linux CD's - http://mpeters.us/linux/