Date: Thu, 21 Jul 2011 19:19:20 +0400 From: Peter Vereshagin <peter@vereshagin.org> To: freebsd-questions@freebsd.org Subject: Re: build ports from not a root user? Message-ID: <20110721151919.GC7553@external.screwed.box> In-Reply-To: <4E283D86.7080407@my.gd> References: <20110721100259.GA5326@external.screwed.box> <4E283D86.7080407@my.gd>
next in thread | previous in thread | raw e-mail | index | archive | help
Oh freebsd-questions want you buy me a mersedes benz? 2011/07/21 16:53:58 +0200 Damien Fleuriot <ml@my.gd> => To freebsd-questions@freebsd.org : DF> What the f... ? favorite song lyrics, np. DF> > I'd like to build my ports from not a root user. DF> DF> That is possible but exceedingly highly inconvenient. DF> What is the reason for doing that ? Security. Because of the limitations the non-root user can have. This should decrease the probability of the bad port to ruin the system during the build process. Such a thing can be happening only in a specific conditions due to the particular build environment and can or can not be a subject of a port author's intentions. The good admin practice exclamates that if the task does not need the permission than it should not have it. Building of a a single port is certainly one of those situations. DF> I can not come up with a scenario where one would want to do that. Shall I put here the examples of the distributions those are building their packages from a non-root user? There should certainly be the ones. DF> Rather than the means you'd like to use, tell us the end you're trying DF> to accomplish. You mean about feature enhancement here, the what feature do I need in terms of functionality and how it should make me better immediately after that. The security isn't about ROI but it's business model is insurance. What I need is the more security which is about to keep my things from getting worse. But it's not a bad thing ;-) DF> In other terms: what are you trying to do ? (and don't tell me "building DF> a port as a non root user") DF> DF> DF> > How can I tell the ports system that it should su ( switch user ) before to DF> > build the dependencies? DF> DF> I don't think you can. DF> DF> DF> > Can portupgrade handle this? DF> DF> Nope. But it seem to handle the dependencies in the every separate 'make' command? I suppose it should have a tweak to do the 'make install' on the every port in the dependencies chain in the 'su -' parameter. Think I will dig it out. One day. But I'm pretty sure there's anyone on the list who knows this from portupgrade's sources. DF> > Dependencies should be installed from a root user. DF> And the rest of your ports too. It's not a problem that I'm asking about. If I install the port I know the permissions I want for this. But the ports system may not know that I need the separate environment details for building. I think there should be a tweak for this, either in ports or in portupgrade, that's a question. 73! Peter pgp: A0E26627 (4A42 6841 2871 5EA7 52AB 12F8 0CE1 4AAC A0E2 6627) -- http://vereshagin.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110721151919.GC7553>