Topic: Bug: install.sh.in and uninstaller.sh.in depend on $USER
Both install.sh.in and uninstaller.sh.in use /bin/sh and depend on the "$USER" variable being set, but this is not always the case. If you take a look at the man pages of sh (or even bash), you'll not find "$USER" among the variables provided by the shell.
In practise I've hit this bug on an Ubuntu 10.10 (Maverick) system which has Dash (0.5.5.1-7ubuntu1) symlinked to /bin/sh. I've executed the following commands to compile the mysecureshell from source (since the v1.30 binary package available from the official repo depends on various package versions from more recent Ubuntu distros):
apt-get source mysecureshell
apt-get build-dep mysecureshell
cd mysecureshell-1.30
debuild -uc -us -b
After the compilation succeeded and install.sh was invoked, I got the following error message:
###################################################################
Sorry
WARNING: You must be root to continue installation !
###################################################################
The reason is the following check:
if [ "$USER" != "root" ] ; then
...
fi
This is wrong. Not even bashism since $USER is not provided by bash either.
A more correct approach is:
euid="`id -u`"
if [ "$euid" != "0" ] ; then
echo ""
echo "##################################################################
#"
tmp=`MyGetLocale 'sorry'`
echo " $tmp $euid"
MyGetLocale 'Warning root ask'
echo "###################################################################"
echo ""
exit 1
fi
The same problem is present both in install.sh.in and uninstaller.sh.in, but only the former affects the Ubuntu source package (as far as I can tell).
With this fix I could successfully compile and build the v1.30 package.
P.S.: you could hard code the path to /usr/bin/id in the above fix, but since the install.sh script is only invoked during installation (or package building), it's not that much of a security risk to rely on the "id" command that is found in the PATH.