Lower Privilege

To reduce security risks, we now provide a framework to run packages as a lower-privileged "package user" instead of root. Below is a summary of how to join the framework and what package center does for you:

  1. Package developers provide a privilege specification declaring what privilege is needed during program execution.
  2. During package installation, package center creates the corresponding user and group. See Package User & Group for more detail.
  3. According to the privilege specification, package center chowns the files under /var/packages/${package}/target. (The setuid and setgid bits are cleared.)
  4. Package executables are run with the privilege (package user, system or root) that corresponds to their file owner and group. See Mechanism for more detail.
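
The following POSIX shell script is an added illustration of steps 3 and 4, not code from this page or from package center itself. It builds a constructed package tree in a temporary directory, clears setuid/setgid bits the way step 3 describes, changes ownership only if the assumed package user (here `examplepkg`) exists on the machine, and then audits the tree so a developer can confirm that no file would still escalate privilege. The directory layout, file names and the user name are assumptions.

```shell
#!/bin/sh
# Added example (not package center's own code): mimic the chown/strip step of
# the lower-privilege framework and audit the result. Paths, file names and the
# package user name "examplepkg" are constructed for the demonstration.

# Count regular files under $1 that still carry a setuid or setgid bit.
count_special_bits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | wc -l | tr -d ' '
}

# Clear setuid/setgid on every regular file under $1, which is what the
# framework does before running executables as the package user.
strip_special_bits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec chmod u-s,g-s {} +
}

# Change ownership to the package user/group only if that user exists; on a
# developer machine the user is normally absent, so this is a no-op there.
chown_to_package_user() {
    dir=$1; user=$2; group=$3
    if id "$user" >/dev/null 2>&1; then
        chown -R "$user:$group" "$dir"
    fi
}

# Build a constructed target tree with special bits set, harden it, and print
# "<special-bit files before> <special-bit files after>" (expected "2 0").
demo_harden() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/target/bin"
    printf '#!/bin/sh\necho hello\n' > "$tmp/target/bin/helper"
    printf '#!/bin/sh\necho report\n' > "$tmp/target/bin/report"
    chmod 4755 "$tmp/target/bin/helper"   # setuid: would run as file owner
    chmod 2755 "$tmp/target/bin/report"   # setgid: would run as file group
    before=$(count_special_bits "$tmp/target")
    strip_special_bits "$tmp/target"
    chown_to_package_user "$tmp/target" "examplepkg" "examplepkg"
    after=$(count_special_bits "$tmp/target")
    rm -rf "$tmp"
    echo "$before $after"
}

demo_harden   # prints "2 0"
```

Run `count_special_bits /var/packages/${package}/target` on an installed package to confirm that nothing under the target directory still carries a setuid or setgid bit; a non-zero count means an executable could run with a privilege other than the one its owner and group imply.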

With this framework, the package developer is capable of:

Lowering the package's privilege and creating the corresponding user / group is optional. The package has to provide a privilege specification to join this framework; otherwise the package will still be run with root privilege, and no user / group will be created.