[tex-live] Tool update outside tlmgr

Nelson H. F. Beebe beebe at math.utah.edu
Sat Dec 5 16:02:22 CET 2015


Paulo Roberto Massa Cereda <cereda.paulo at gmail.com> writes on
Sat, 5 Dec 2015 08:13:35 -0200:

>> ...
>> ... one should invoke
>> 
>> $ sudo arara --update-rules
>> 
>> or
>> 
>> $ su -c 'arara --update-rules'
>> 
>> in order to have the proper access privileges.
>> ...

I would STRONGLY oppose that.  Software such as TeX Live should NEVER
need root access to install.  Instead, it should be installed and
owned by the user of a single-user machine, or the administrator(s) of
a shared machine, or better, by a special unprivileged account
accessible to the owner/administrator.

Root privileges are extremely dangerous when foreign software is run.
The recent BitLocker-like attack on GNU/Linux systems (wherein files
in all filesystems are encrypted and held for ransom by the attackers)
propagated successfully because a Web utility foolishly demanded root
access to run.  Software should always run with minimal privileges:
there is a good reason that modern Web browsers and Java try to
sandbox program execution.

-------------------------------------------------------------------------------
- Nelson H. F. Beebe                    Tel: +1 801 581 5254                  -
- University of Utah                    FAX: +1 801 581 4148                  -
- Department of Mathematics, 110 LCB    Internet e-mail: beebe at math.utah.edu  -
- 155 S 1400 E RM 233                       beebe at acm.org  beebe at computer.org -
- Salt Lake City, UT 84112-0090, USA    URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------


More information about the tex-live mailing list