Installing MIT-K5 client libraries as non-root

Mike Friedman mikef at ack.berkeley.edu
Tue Sep 4 17:55:44 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 31 Aug 2007 at 01:45 (-0400), Marcus Watts wrote:

> On 8/29/07, Mike Friedman <mikef at berkeley.edu> wrote:
>
>> Is there a way to install K5 (1.6.2 in particular) for client use 
>> without being superuser?  I thought I could do this as long as my 
>> userid owns all the directories into which I'm building and installing 
>> (I'm not installing a KDC). However, now I find that 'make install' 
>> wants to run 'ginstall' with the '-o root' option. Since I'm a non-root 
>> user, I'm not going to be able to chown anything, much less to root.
>>
>> On this system (Solaris 10), I'm interested only in the K5 libraries 
>> (for our own apps, written to the MIT K5 API) and the client utilities 
>> (e.g., kinit, kadmin, etc.), not in the supplied apps such as those in 
>> ../appl/bsd. Is there, perchance, a configure or make option to specify 
>> that I don't want to install the binaries that are supposed to run as 
>> root, in particular, that I don't want/need to do chowns or setuids?
>
> What you probably really want to pay attention to is autoconf's 
> AC_PROG_INSTALL, which selects a copy of install to set as @INSTALL@, 
> which then gets expanded when config/pre.in is prepended to all the 
> output makefiles.  You can override what AC_PROG_INSTALL would select by 
> setting INSTALL=
>
> ie,
>     configure ... INSTALL=my-own-install
>
> if you don't want to write your own install, you can use the shell 
> script in the kerberos source,
>
>     ./configure INSTALL=`pwd`/config/install-sh
>
> the neat thing about this shell script is that you can override the 
> choices it makes for chown/chgrp at runtime. So when you do make 
> install, you can instead do this:
>
>     env CHOWNPROG=/bin/true CHGRPPROG=/bin/true make install
>
> This should answer's Mike's needs.

Marcus,

I just wanted to confirm that your suggestion works perfectly and is easy 
to apply whenever I do a re-install.  I just use a 'build.sh' script to 
run configure as you suggest (I already had such a script because I supply 
other overrides to configure) and an 'install.sh' script that sets the 
environment variables and runs 'make install'.

Of course, all this assumes I don't need to run the programs that really 
have to be setuid root.  But that's the case in my present situation.

Thanks again for the help.

Mike

_________________________________________________________________________
Mike Friedman                        Information Services & Technology
mikef at ack.Berkeley.EDU               2484 Shattuck Avenue
1-510-642-1410                       University of California at Berkeley
http://socrates.berkeley.edu/~mikef  http://ist.berkeley.edu
_________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBRt3Ua60bf1iNr4mCEQLgWgCePdjSglDo64KFj4QqU01aKqrOe68AoN7X
Z02IFEQAPeG4u18ItkZZudlP
=sM1k
-----END PGP SIGNATURE-----



More information about the Kerberos mailing list