Re: FHS: Where to store user specific plugins / code
- Date: Wed, 28 Feb 2018 18:14:17 -0500
- From: Marvin Renich <mrvn@xxxxxxxxxx>
- Subject: Re: FHS: Where to store user specific plugins / code
* Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx> [180228 17:45]:
> Georg Faerber writes ("FHS: Where to store user specific plugins / code"):
> > I'm maintaining schleuder in Debian , a "gpg-enabled mailing list
> > manager with resending-capabilities".
> > Currently, we allow users to run / execute their own plugins, stored in
> > /etc/schleuder/plugins. Obviously, that's not the right place, as /etc
> > is for config files, not executable code. We would like to fix this, but
> > are unsure which location to offer. The (empty) directory would be
> > provided by the package, but the (possible) content would be provided by
> > the user.
> > Therefore, I'm wondering what's the correct place: Would
> > /usr/local/lib/schleuder/plugins be sensible? If not, any other place
> > which is more suitable?
> Do plugins do something which people might not want if present, and
> not configured ? If so then perhaps you want a thing a bit like the
> apache mods-enabled scheme: a link farm.
> If not, then if it's easy to do I would load all plugins in
> (former masking the latter with for with the same name)
If a user get to install his/her own plugins, they should go in the
user's home directory, e.g. /home/user/.config/scheduler/plugins/.
Non-root users should not generally be given write permission to
/usr/local, and definitely not to /usr/lib.
If the app takes care of installing the plugins on the user's behalf,
that is slightly different. However, if the plugin can be selected by
the user from a non-trusted source, I would still go with the user's
directory. Allowing a non-root user to put his own plugin where others
can execute it without being able (even required) to verify its
integrity is a huge security hole.
Ian's comments are good for admin-installed plugins that the users can
use. In fact there is good precedent for an app checking
/usr/lib/pkg/... for plugins installed from Debian packages,
/usr/local/lib/pkg/... for plugins installed by the admin from
non-Debian locations, and then finally the user's .config/pkg/...