Date: Sun, 2 Jul 2000 14:19:25 -0500 (CDT) From: Mike Meyer <mwm@mired.org> To: Bill Barnes <bbarnes@operamail.com> Cc: questions@FreeBSD.ORG Subject: Re: Ports via FTP Message-ID: <14687.38333.574810.752211@guru.mired.org> In-Reply-To: <bulk.26954.20000701211851@hub.freebsd.org> References: <bulk.26954.20000701211851@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: Bill Barnes <bbarnes@operamail.com> > I'm doing my first one of the above and it bothers me that I am online as > root. Well, you don't say how you're going online, but most for the methods I'm familiar with, being root isn't any worse for security than anything else. The critical thing isn't which ID copies the packets across the network, it's what happens to them after they get to your machine. I use userland ppp, and filter things so that only inbound things I trust can get through. > There must be a way around this, but how can non-root write to /usr. Letting non-root write to /usr is a lot worse for security than going online as root. There are a number of alternatives that don't involve doing that. The easist thing would be to chown the entire ports tree to be owned by the userid you want to do the build. Then do "make" as that person, and "make install" as root. There are some ports that will *require* you to do the "make install" as root, as the install process does things that only root should be allowed to do (creating users and setting the ownership of installed files comes to mind). Along the same lines, you could set DISTDIR & WRKDIRPREFIX in /etc/make.conf to be things you can write on as non-root. That should do the fetch and build as you. You could also just set DISTDIR, and do "make fetch". You can then do "make install" as root, though this may force you to build the dependent ports by hand. You can also replace setting DISTDIR with making the default distdir (should be /usr/ports/distdir) a symlink to some place you can write to. <mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14687.38333.574810.752211>