Why does informant need sudo?
Closed this issue · 2 comments
I was wondering if there is a specific reason why informant requires root privileges or membership in the informant
group.
AFAIK that command doesn't do any changes to the system. And since the displayed news are publicly available on the arch website, this seems like an odd choice to me.
If this is meant to protect admins against users maliciously reading the news (something I never thought I'd write 😅), wouldn't it be more desirable to keep the data in the users home directory (like PR #17 suggests)?
There's already some discussion of this in #2, but basically I've kept the save information in /var
because of the pacman hook.
When the hook executes it does so with privileges (either sudo or root depending on how pacman is called) and it needs access to the save file. While there are ways to get the sudo user and access their home folder I'm not sure how I feel about a privileged process changing data in the users home directory. But using the group or sudo access feels like a cleaner solution to me.
Thank you for your quick reply.
While I personally wouldn't really be against a privileged process reading from and writing to a file inside my home directory (so long as my user is the files owner and can modify/delete it), I do agree with the argument about users logging in as root you made in the linked issue.