Sudoers list?

[Matt Palmer]

On Wed, Apr 05, 2006 at 12:12:37AM +0100, Daniel Carrera wrote:
> Matthew Palmer wrote:
> >How is it better for a script to say "hey, can you give me root privs now"
> >before doing something nasty, as opposed to saying "you have to give me 
> >root
> >privileges at the beginning" before doing something nasty?
> 
> One difference is that the user has the option to click "cancel" and 
> choose a different directory. So they can choose to run it entirely 
> without root.

if [ ! -w "$INSTDIR" ]; then
	cat <<EOF
You do not have permission to install this program into the destination you
have chosen.  Please select a different location or run this script again
using sudo.
EOF
	exit 1
fi

> Another difference applies to well-intentioned but buggy scripts. When 
> you trust the script writer's intentions, but not his coding skills :) 
> it doesn't hurt to minimise the time spent as root.

There is that.  Nothing like a bit of

rm -rf /$INSTDIR

without checking [ -n "$INSTDIR" ] first to really make somebody's day.

- Matt

-- 
[On LDAP] "Lightweight my ass.  The fact that X.509 has the weight of an
18-wheel rig doesn't make a minivan something you shove in your backpack."
		-- Zed Pobre, ASR