Presentation is loading. Please wait.

Presentation is loading. Please wait.

Use Cases, Issues, Proposed Solutions: Software and Environment Non Privileged User Package Management Francois-Denis Gonthier Kryptiva inc.

Published byRosamund Horton Modified over 8 years ago

Similar presentations

Presentation on theme: "Use Cases, Issues, Proposed Solutions: Software and Environment Non Privileged User Package Management Francois-Denis Gonthier Kryptiva inc."— Presentation transcript:

1 Use Cases, Issues, Proposed Solutions: Software and Environment Non Privileged User Package Management Francois-Denis Gonthier Kryptiva inc. fdgonthier@kryptiva.com Steven Pigeon Département de Génie Logiciel et des Technologies de l’Information (ETS) spigeon@etsmtl.ca

2 Issues of system installs Users depends on Administrators – Annoys administrators Users install packages themselves – Problems with Dependencies – Problems with Security – Problems with Redundancy

3 Objections Policies Redundancy Automatic Updates Security “Root” packages Sudo Delegation “sudoers”

4 Policies Users may lack essential skills – May or mayn't be familiar with Linux – Are often oblivious of other users Users ignore any policies they can

5 Redundancy If users each install their packages from tarballs – Many copies of the same may be found – No simple means of pooling installs

6 Automatic Updates Packages installed by users – May or mayn't be of the correct version for the current install – Are not automatically updated with the rest of the system

7 Security If users each install their packages from tarballs – They can install software from unauthenticated repositories – They can install software from incompatible repositories

8 “Root” Packages Some packages are inherently “root” – Kernel modules (and drivers) – Applications and services with restricted ressources usage

9 Sudoers Delegating Installs using “sudoers” – Basically gives root access to users – Malignant users can modify global configuration – Users can install broken or malicious packages from unauthenticated sources

10 Alternatives? Sudo Delegation “sudoers” – Already shown to be bad PackageKit Vserver (... or virtual machines)

11 What is PackageKit? ● Priviledged dbus service ● Uses distributor backend Conary RPM Apt PackageKit App. Dbus & PolicyKit

12 PackageKit Good Allow users to install software Potentially supports policies and filtering Bad No protection against bad packages... or bad users

13 What is Vserver? ● Isolated Linux instances ● Shared kernels (Vserver)... or not (VMs) Host machine Guest

14 Vserver Good Total control by user Isolation Bad Ressource cost Heavy redundancy Recursive problem

15 Proposed Solution Unprivileged User Installs Relocatable packages Multiple package databases Environment setup

16 Relocatable Packages Currently, package relocation – Partially supported by RPM – Breaks maintainers scripts Package content must be made relocatable Maintainer script be must be aware of new location

17 Multiple databases Currently, package database – Writable by root user only – Multiple database are not supported Must be accessible to user “Merged” with the system database

18 Relocatable packages File relocation (prefix based) Maintainer scripts support Software – Use relative paths – Environment variables

19 Multiple databases Package database local to user (or group) Local database “linked” with system database – Aware of system-installed dependencies – Make local version override possible

20 Setting Up Software Environment Environment setup – Prepare the software environment – Run all package specific initialization Executed through – PAM – Traditional session-initialization script

21 User package install 1. Reads local database 2. Reads system database 3. Merges both database 4. Resolves dependencies

22 System package install 1. Reads system database 2. Reads all user databases 3. Resolves dependencies Query for confirmation in case of conflicts Uninstall user-package if needed 4. Installs system packages

23 Dependencies, conflict resolution General rule – System package rule over user package – Might uninstall user packages (with confirm.) – Refuse to install non-relocatable package User – Can install earlier/other compatible versions

24 Repository policies Repository management – Allow/disallow custom repositories – White/black list of repositories – Distribution-specfic white/black list

25 Install policies Filters – By package “tags” (ie: exclude games) – By sections – Regular expressions – etc.

26 Modification to existing Package Management Software Development tools Maintainer scripts Database format (name, location) Conflict resolution Apt changes

27 Development tools Automate repetitive tasks – Setup common binary paths –... library paths –... manual paths... and that is all that is needed in some case

28 Program changes Relative path – FHS hierarchy –... relative to the program location

29 Maintainer scripts and conflict resolution Maintainer scripts – Must be made aware of location Conflict resolution – Rules already explained

30 Apt/Dpkg Read user database Handle policies – Apply policy before downloading – Support repository policies –... install policies

31 Conclusion Useful Nothing really impossible Can be made stable Little modifications needed in some case

Download ppt "Use Cases, Issues, Proposed Solutions: Software and Environment Non Privileged User Package Management Francois-Denis Gonthier Kryptiva inc."

Similar presentations

MODULE 3: OS & APP LAYERS. Agenda Preparing and importing a gold image Creating and understanding Install Machines Creating basic Application layers Understanding.

MODULE 3: OS & APP LAYERS. Agenda Preparing and importing a gold image Creating and understanding Install Machines Creating basic Application layers Understanding.
Mello-Dee Simmons Liza Klosterman.  Who We Are ‣Largest community-owned utility in Florida and the eighth largest in the United States. ‣Electric system.

Mello-Dee Simmons Liza Klosterman.  Who We Are ‣Largest community-owned utility in Florida and the eighth largest in the United States. ‣Electric system.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Lesson 18: Configuring Application Restriction Policies

Lesson 18: Configuring Application Restriction Policies
Monitor Linux OS health & performance Monitor log files Monitor JEE app servers Monitor line-of-business applications Monitor databases and web.

Monitor Linux OS health & performance Monitor log files Monitor JEE app servers Monitor line-of-business applications Monitor databases and web.
Julie McEnery1 Installing the ScienceTools The release manager automatically compiles each release of the Science Tools, it creates a set of wrapper scripts.

Julie McEnery1 Installing the ScienceTools The release manager automatically compiles each release of the Science Tools, it creates a set of wrapper scripts.
Hyrax Installation and Customization Dan Holloway James Gallagher.

Hyrax Installation and Customization Dan Holloway James Gallagher.
1 Introduction to Tool chains. 2 Tool chain for the Sitara Family (but it is true for other ARM based devices as well) A tool chain is a collection of.

1 Introduction to Tool chains. 2 Tool chain for the Sitara Family (but it is true for other ARM based devices as well) A tool chain is a collection of.
Microsoft ® Official Course Module 9 Configuring Applications.

Microsoft ® Official Course Module 9 Configuring Applications.
Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.

Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.
Linux Operations and Administration

Linux Operations and Administration
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
26/4/2001VMware - HEPix - LAL 2001 Windows/Linux Coexistence : VMware Approach HEPix – LAL Apr. 2001 Michel Jouvin

26/4/2001VMware - HEPix - LAL 2001 Windows/Linux Coexistence : VMware Approach HEPix – LAL Apr Michel Jouvin
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 4 Manage Software for SUSE Linux Enterprise Server.

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 4 Manage Software for SUSE Linux Enterprise Server.
SKA/KAT SPIN Presentation Software Engineering (!?) 2007-01-17 Robert Crida.

SKA/KAT SPIN Presentation Software Engineering (!?) Robert Crida.
Eric Keller, Evan Green Princeton University PRESTO 2008 8/22/08 Virtualizing the Data Plane Through Source Code Merging.

Eric Keller, Evan Green Princeton University PRESTO /22/08 Virtualizing the Data Plane Through Source Code Merging.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.

11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+

CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+

Similar presentations

Ads by Google