setuid only if root

Running the sandbox without setuid is less secure, but it will still work, it is not possible for nix to make binaries setuid when being used as a pkg manager outside of NixOS, i.e. on Debian.
author: Richard Ipsum <richardipsum@fastmail.co.uk> 2017-06-22 19:02:53 +0100
committer: Richard Ipsum <richardipsum@fastmail.co.uk> 2017-07-08 23:43:45 +0100
commit: 8d8b213c4c91efa388560037b40b19d8c2b59549 (patch)
tree: e8b720506c583e5c50dd88b995900f635fe5045e
parent: 63ee18cee0fa87cbac11f7688d460200ac61cdb8 (diff)
download: supple-8d8b213c4c91efa388560037b40b19d8c2b59549.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/Makefile b/Makefile
index f3d9d62..1a1bd94 100644
--- a/Makefile
+++ b/Makefile
@@ -59,8 +59,10 @@ install: build
 	mkdir -p $(CINST_ROOT)/supple
 	mkdir -p $(BINST_ROOT)
 	cp wrapper $(DESTDIR)$(WRAPPER_PATH)
-	chown root:root $(DESTDIR)$(WRAPPER_PATH)
-	chmod u+s $(DESTDIR)$(WRAPPER_PATH)
+	if [ "$$(whoami)" = "root" ]; then \
+		chown root:root $(DESTDIR)$(WRAPPER_PATH); \
+		chmod u+s $(DESTDIR)$(WRAPPER_PATH); \
+	fi
 	for MOD in $(sort $(LMOD_FILES)); do \
 		$(COPY_LMOD) lib/$${MOD} > $(LINST_ROOT)/$${MOD}; \
 	done
author	Richard Ipsum <richardipsum@fastmail.co.uk>	2017-06-22 19:02:53 +0100
committer	Richard Ipsum <richardipsum@fastmail.co.uk>	2017-07-08 23:43:45 +0100
commit	8d8b213c4c91efa388560037b40b19d8c2b59549 (patch)
tree	e8b720506c583e5c50dd88b995900f635fe5045e
parent	63ee18cee0fa87cbac11f7688d460200ac61cdb8 (diff)
download	supple-8d8b213c4c91efa388560037b40b19d8c2b59549.tar.gz