Date: Mon, 18 Aug 2003 08:10:37 +1000 (EST) From: Bruce Evans <bde@zeta.org.au> To: Ulrich Spoerlein <q@uni.de> Cc: current@freebsd.org Subject: Re: RFC: Allow non-root users to use make distribution and make installworld? Message-ID: <20030818075232.T3542@gamplex.bde.org> In-Reply-To: <20030817205851.GB718@galgenberg.net>
index | next in thread | previous in thread | raw e-mail
On Sun, 17 Aug 2003, Ulrich Spoerlein wrote:
> I'm trying to build a new LiveCD based upon the Freesbie scripts, and
> well, I don't want to require superuser privileges to build the LiveCD
> image. While this is not a problem with 'make buildworld' 'make
> distribution' in /usr/src/etc is "broken" for the non-root case.
>
> Attached are some patches to make this work by make the user/group
> info passed to install overrideable.
>
> The problem now lies with 'make installworld' which currently dies here:
> ===> lib/libcom_err/doc
> install-info --quiet --defsection="Programming & development tools." --defentry="* libcom_err: (com_err). A Common Error Description Library for UNIX." com_err.info /usr/test/root/usr/share/info/dir
> /usr/test/root/usr/share/info/dir: Permission denied
> *** Error code 1
>
> because /usr/share/info/dir has permissions 444 and therefore the 'user'
> can't write to that file (whereas mode 444 wouldn't stop the superuser)
>
> The question now is, should I provide patches to make this work. Do "we"
> actually want this to work? Or is anybody trying to run installworld as
> non-user doing something completely stupid?
I tried this the other day but gave up on the info dir. I was doing
something stupid -- I knew that installworld wouldn't work and only
wanted to test buildworld, but forgot to change the test script :-).
Setting INFOMODE to 644 should work after you fix all the hard-coded
ownerships and modes. Other defaults for the mode may need to be changed
similarly.
The default read-only modes are bogus for root anyway. BINMODE=555 only
made sense when BINOWN was bin. But read-only modes are a safe default.
> --- etc/isdn/Makefile.orig Sun Aug 17 20:14:23 2003
> +++ etc/isdn/Makefile Sun Aug 17 20:14:48 2003
> @@ -18,8 +18,8 @@
>
> install:
> for i in ${I4BETCPROG} ; do \
> - ${INSTALL} -o root -g wheel -m 700 $$i ${DESTDIR}/etc/isdn ; \
> + ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 700 $$i ${DESTDIR}/etc/isdn ; \
> done ; \
> for i in ${I4BETCFILE} ; do \
> - ${INSTALL} -o root -g wheel -m 600 $$i ${DESTDIR}/etc/isdn ; \
> + ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 $$i ${DESTDIR}/etc/isdn ; \
> done
The patches make some lines too long.
> --- etc/rc.d/motd.orig Sun Aug 17 20:24:01 2003
> +++ etc/rc.d/motd Sun Jun 15 18:55:59 2003
> @@ -33,7 +33,7 @@
> #
> echo "Updating motd."
> if [ ! -f /etc/motd ]; then
> - install -c -o ${BINOWN} -g ${BINGRP} -m ${PERMS} /dev/null /etc/motd
> + install -c -o root -g wheel -m ${PERMS} /dev/null /etc/motd
> fi
>
> case ${OSTYPE} in
This partcular patch seems to be reversed.
I don't see how rc.d can know the build defaults. Perhaps it shouldn't.
It could adjust ownerships and modes to runtime defaults if the build
ones are insecure.
Bruce
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030818075232.T3542>