Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 21 Jul 2011 19:19:20 +0400
From:      Peter Vereshagin <peter@vereshagin.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: build ports from not a root user?
Message-ID:  <20110721151919.GC7553@external.screwed.box>
In-Reply-To: <4E283D86.7080407@my.gd>
References:  <20110721100259.GA5326@external.screwed.box> <4E283D86.7080407@my.gd>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Oh freebsd-questions want you buy me a mersedes benz?
2011/07/21 16:53:58 +0200 Damien Fleuriot <ml@my.gd> => To freebsd-questions@freebsd.org :
DF> What the f... ?

favorite song lyrics, np.

DF> > I'd like to build my ports from not a root user.
DF> 
DF> That is possible but exceedingly highly inconvenient.
DF> What is the reason for doing that ?

Security. Because of the limitations the non-root user can have.
This should decrease the probability of the bad port to ruin the system during
the build process.
Such a thing can be happening only in a specific conditions due to the
particular build environment and can or can not be a subject of a port author's
intentions.
The good admin practice exclamates that if the task does not need the
permission than it should not have it. Building of a a single port is certainly
one of those situations.

DF> I can not come up with a scenario where one would want to do that.

Shall I put here the examples of the distributions those are building their
packages from a non-root user? There should certainly be the ones.

DF> Rather than the means you'd like to use, tell us the end you're trying
DF> to accomplish.

You mean about feature enhancement here, the what feature do I need in terms of
functionality and how it should make me better immediately after that.
The security isn't about ROI but it's business model is insurance.
What I need is the more security which is about to keep my things from getting
worse.
But it's not a bad thing ;-)

DF> In other terms: what are you trying to do ? (and don't tell me "building
DF> a port as a non root user")
DF> 
DF> 
DF> > How can I tell the ports system that it should su ( switch user ) before to
DF> > build the dependencies?
DF> 
DF> I don't think you can.
DF> 
DF> 
DF> > Can portupgrade handle this?
DF> 
DF> Nope.

But it seem to handle the dependencies in the every separate 'make' command?
I suppose it should have a tweak to do the 'make install' on the every port in
the dependencies chain in the 'su -' parameter.
Think I will dig it out. One day.
But I'm pretty sure there's anyone on the list who knows this from
portupgrade's sources.

DF> > Dependencies should be installed from a root user.
DF> And the rest of your ports too.

It's not a problem that I'm asking about.
If I install the port I know the permissions I want for this.
But the ports system may not know that I need the separate environment details
for building.
I think there should be a tweak for this, either in ports or in portupgrade,
that's a question.

73! Peter pgp: A0E26627 (4A42 6841 2871 5EA7 52AB  12F8 0CE1 4AAC A0E2 6627)
--
http://vereshagin.org



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20110721151919.GC7553>