Date: Wed, 12 Sep 2001 14:57:17 -0500 From: Mike Meyer <mwm@mired.org> To: brendan@cs.uchicago.edu Cc: questions@freebsd.org Subject: Re: ports/packages Message-ID: <15263.48669.394986.741640@guru.mired.org> In-Reply-To: <17959630@toto.iv>
next in thread | previous in thread | raw e-mail | index | archive | help
brendan@cs.uchicago.edu types: > hello questions, > > i would like to use the ports system with a non-privileged account. say, > "installer". is in enough to > > chown -R installer.installer /usr/local /usr/ports > > (assuming user/group are installer/installer) > > is there anything i should watch out for when doing this? will ports > that try to access other resources (like adding a file to /var or > modifying the boot scripts) give me verbose enough error messages to fix > this sort of thing by hand? Possibly. Note that many ports install things in /usr/X11R6 instead of /usr/local. > i like the integration of freebsd, but i don't like the fact that i have > to install nonsystem, untrusted software (fetched from third part ftp > sites sometimes) as root. That software isn't really untrusted. Sure, the tarballs come from third party FTP servers. But the ports system checksums the tarballs to make sure they haven't been changed. I don't know if the security team audits ports, but they do issue alerts about them when problems are found. There are parts of the base system that come from third parties and get patched to be integrated into the base system. Why are the former less trustworthy than the latter? > i really don't think managing packages should require root access. Managing the software on the system clearly has to be a privileged operation - you don't want normal users to be able to delete files. Also, many packages - at first glance, mostly servers - want to install a new user that is going to own/manage their files. That requires priveleges that no normal user can have. Normal users can't even set the ownership of a file to someone else, which will cause problems. Some ports install files that are setuid root - they do warn you about it when they do - which again requires root privileges. Finally, the long-term goal is to have a package system that encompasses the base system. For example, X is available as a port/package. Many parts of the system are available in alternative versions in the ports, and at least one such package - uucp - has been tagged to be dropped from the base system. > i would like a way to do this with packages as well. again, what > permissions do i need to change other than the package database in /var > and the destination directories (it all goes in /usr/local, right?) ? As mentioned above, /usr/X11R6. Packages come from the FreeBSD mirrors, so why don't you trust them? <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15263.48669.394986.741640>