Why must the installer be run as root, exactly?

Subject line says it all... why is this required?

 

Basically for setting SUID on the chrome sandbox.

 

I know what setting SUID is, but I don't understand why Unity would need to change permissions on another application. I assume by chrome sandbox, it is referring to when things are run from inside of the chrome browser, but if one isn't using that browser in the first place, then what is being accomplished by requiring root, particularly if chrome does not even exist on the computer?

That said, the linux installer should probably tell the user what, exactly, it needs root for (that is by stating exactly which files it intends to modify), and if the user wants to forgo that step or manage those permissions him or herself, I believe they should be given the option.

My 2c

 

Unity ships with its own version of chrome to power the asset store and some of the screens.

 

Okay, but I think it should at least be an option in the installer to leave setting SUID on the application up to the end user. Every additional program with SUID on in a unix-like system such as Linux adds an attack vector where certain bugs within it may be exploited by someone else to cause privilege escalation, potentially compromising an otherwise secure system.

 

Definitely agree, the installer should be clear about why it "must" be run as root. Putting that blanket statement over the whole installer just to switch chrome's suid shows disregard for security.