From: Peter Vereshagin
To: freebsd-questions@freebsd.org
Date: Thu, 21 Jul 2011 19:19:20 +0400
Subject: Re: build ports from not a root user?

Oh freebsd-questions won't you buy me a Mercedes Benz?
2011/07/21 16:53:58 +0200 Damien Fleuriot => To freebsd-questions@freebsd.org :
DF> What the f... ?

favorite song lyrics, np.

DF> > I'd like to build my ports from not a root user.
DF>
DF> That is possible but exceedingly highly inconvenient.
DF> What is the reason for doing that ?

Security. Because of the limitations the non-root user can have. This should
decrease the probability of a bad port ruining the system during the build process.
Such a thing can happen only in specific conditions due to the particular
build environment, and may or may not be a subject of the port author's intentions.
Good admin practice says that if a task does not need a permission then it
should not have it. Building a single port is certainly one of those
situations.

DF> I can not come up with a scenario where one would want to do that.

Shall I put here examples of the distributions that build their packages
as a non-root user? There should certainly be some.

DF> Rather than the means you'd like to use, tell us the end you're trying
DF> to accomplish.

You mean a feature enhancement here: what feature I need in terms of
functionality and how it should make me better off immediately after that.
Security isn't about ROI, but its business model is insurance. What I need is
more security, which is about keeping my things from getting worse. But it's
not a bad thing ;-)

DF> In other terms: what are you trying to do ? (and don't tell me "building
DF> a port as a non root user")
DF>
DF>
DF> > How can I tell the ports system that it should su ( switch user ) before to
DF> > build the dependencies?
DF>
DF> I don't think you can.
DF>
DF>
DF> > Can portupgrade handle this?
DF>
DF> Nope.

But it seems to handle the dependencies in every separate 'make' command? I
suppose it should have a tweak to do the 'make install' on every port in the
dependency chain in the 'su -' parameter. Think I will dig it out. One day.
But I'm pretty sure there's someone on the list who knows this from
portupgrade's sources.

DF> > Dependencies should be installed from a root user.
DF> And the rest of your ports too.

It's not the problem that I'm asking about. If I install the port I know the
permissions I want for this. But the ports system may not know that I need the
separate environment details for building.
I think there should be a tweak for this, either in ports or in portupgrade,
that's a question.

73!
Peter
pgp: A0E26627 (4A42 6841 2871 5EA7 52AB 12F8 0CE1 4AAC A0E2 6627)
--
http://vereshagin.org