• PacmanXG question


    Hello, I wonder if there’s more secure way of using PacmanXG, if you will type su password at the start it will work all the time using this password and that is not recommended especially when building package from AUR. I personally really like some more advanced functions of this program. Is there any way to force PacmanXG asking for su password only before installing an app. Alternatively developers could consider bundling Antegros with something like Octopi package manager (octopi-git from aur, it’s bundled with update notifier) which is also pacman frontend but only ask for password when actually installing package from repositories or aur. I think the less security holes the better, especially if Antegros focus is user friendly arch based Linux distribution

  • Hello, I wonder if there’s more secure way of using PacmanXG, if you will type su password at the start it will work all the time using this password and that is not recommended especially when building package from AUR. I personally really like some more advanced functions of this program. Is there any way to force PacmanXG asking for su password only before installing an app. Alternatively developers could consider bundling Antegros with something like Octopi package manager (octopi-git from aur, it’s bundled with update notifier) which is also pacman frontend but only ask for password when actually installing package from repositories or aur. I think the less security holes the better, especially if Antegros focus is user friendly arch based Linux distribution

  • @“Riotta”:1kmd9cw4 said:

    Hello, I wonder if there’s more secure way of using PacmanXG, if you will type su password at the start it will work all the time using this password and that is not recommended especially when building package from AUR. I personally really like some more advanced functions of this program. Is there any way to force PacmanXG asking for su password only before installing an app.[/quote:1kmd9cw4]PacmanXG does not directly handle package functions. It only works as a middle man between the user and pacman & yaourt. Yaourt never runs makepkg with root privileges and even if it tried, makepkg would throw an error and the transaction would fail. As long as you dont force makepkg to run as root then you have nothing to worry about. So basically there are safeguards in place

    @“Riotta”:1kmd9cw4 said:

    Alternatively developers could consider bundling Antegros with something like Octopi package manager (octopi-git from aur, it’s bundled with update notifier) which is also pacman frontend but only ask for password when actually installing package from repositories or aur.[/quote:1kmd9cw4]This is something that is already in our plans but its no simple task. If we do it, we are going to do it completely different than the current options (otherwise, what’s the point!) The plan is for it to function like an App Store and not like a boring pk mgr.

    Cheers!

  • [[img:q0etii0r]http://s27.postimg.org/u5e1s3dwf/Zrzut_ekranu_z_2014_01_31_21_42_20.jpg[/img:q0etii0r][/url:q0etii0r]

    I’m talking about this:

    WARNING: Building package as root is dangerous.
    Please run yaourt as a non-privileged user

    So PacmanXG is obviously running Yaourt with root privileges, it should be using as normal user and ask for password only when installing a package. But I see that you are taking another approach, probably your team is thinking about developing something around pacman in-house. Well it can be very interesting, I’m looking forward for anything regarding Antergos cause it’s making an Arch Linux install hassle free for people which are a bit lazy or haven’t too much free time

    Thanks for the support!]0

  • Yes it is running yaourt that way and you are right that it shouldnt. However, yaourt drops privileges while building the package and then picks them up to call pacman. It may not be the best method but it isnt insecure because of the way yaourt is designed to handle this scenario.

    Cheers!

  • I’m looking forward for anything regarding Antergos cause it’s making an Arch Linux install hassle free for people which are a bit lazy or haven’t too much free time

    Thanks for the support!

    I agree! These guys all have a good heart to help, and that is wonderful for the rest of us, as you said.

    In God's love,
    †MaNNa <{{{\>< …to You all thanks and glory Lord Yeshua!

    And Jesus prayed to The Father, "And this is the way to ete…

Posts 6Views 1612
Log in to reply