FS#66004 - [pacman-contrib]`pacdiff` should check execution privileges and escalate when needed like `paccache`
Attached to Project:
Community Packages
Opened by Luca (lucatrv) - Saturday, 28 March 2020, 08:31 GMT
Last edited by Daniel M. Capella (polyzen) - Friday, 18 February 2022, 05:49 GMT
Opened by Luca (lucatrv) - Saturday, 28 March 2020, 08:31 GMT
Last edited by Daniel M. Capella (polyzen) - Friday, 18 February 2022, 05:49 GMT
|
Details
Description:
When `paccache` is executed without administrative privileges, it shows the message: ==> Privilege escalation required and tries to escalate with `sudo` (al least on my system). Instead `pacdiff` does not check execution privileges, and it fails when it tries to overwrite system files. Additional info: * package version: 1.3.0-1 Steps to reproduce: Execute `pacdiff` and `paccache` without administrative privileges. |
This task depends upon
Closed by Daniel M. Capella (polyzen)
Friday, 18 February 2022, 05:49 GMT
Reason for closing: Deferred
Additional comments about closing: The next release will include a --sudo option. If you still would like to pursue this feature, please file an issue in the pacman-contrib repo:
https://gitlab.archlinux.org/pacman/pacm an-contrib/-/issues
Friday, 18 February 2022, 05:49 GMT
Reason for closing: Deferred
Additional comments about closing: The next release will include a --sudo option. If you still would like to pursue this feature, please file an issue in the pacman-contrib repo:
https://gitlab.archlinux.org/pacman/pacm an-contrib/-/issues
I am using pacdiff without sudo, forcing sudo would break a valid use case. The way I'm using pacdiff, I can run vim with all my favorite plugins, without being forced to run pacdiff and vim itself as root. Only when the file is read or written to and from the buffer or for deletion, sudo is invoked.
This is achieved by setting DIFFPROG=vimpacdiff, where vimpacdiff is a simple script:
#!/bin/bash
vim -c "SudoEdit ${1}" -c 'diffthis' -c 'vsplit' -c "SudoEdit ${2}" -c 'diffthis' -c 'diffupdate'
Here, the SudoEdit command comes from https://github.com/tpope/vim-eunuch.
When I'm done I call ':!sudo rm %' from within vim, which deletes the .pacnew, then I 'skip' the file in pacdiff.
So as I said, the choice to use sudo or not would be great. Even better, additionally the 'rm' and 'mv' could be made configurable in pacdiff as $RMPROG and $MVPROG environment variables, similar to $DIFFPROG. Then one could set these to 'sudo mv' and 'sudo rm' and enjoy the complete pacdiff workflow while adhering to the principle of least privilege.