From owner-freebsd-questions Wed Sep 12 12:57:23 2001 Delivered-To: freebsd-questions@freebsd.org Received: from guru.mired.org (okc-94-248-46.mmcable.com [24.94.248.46]) by hub.freebsd.org (Postfix) with SMTP id C0DCA37B40C for ; Wed, 12 Sep 2001 12:57:19 -0700 (PDT) Received: (qmail 36291 invoked by uid 100); 12 Sep 2001 19:57:17 -0000 From: Mike Meyer MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15263.48669.394986.741640@guru.mired.org> Date: Wed, 12 Sep 2001 14:57:17 -0500 To: brendan@cs.uchicago.edu Cc: questions@freebsd.org Subject: Re: ports/packages In-Reply-To: <17959630@toto.iv> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG brendan@cs.uchicago.edu types: > hello questions, > > i would like to use the ports system with a non-privileged account. say, > "installer". is in enough to > > chown -R installer.installer /usr/local /usr/ports > > (assuming user/group are installer/installer) > > is there anything i should watch out for when doing this? will ports > that try to access other resources (like adding a file to /var or > modifying the boot scripts) give me verbose enough error messages to fix > this sort of thing by hand? Possibly. Note that many ports install things in /usr/X11R6 instead of /usr/local. > i like the integration of freebsd, but i don't like the fact that i have > to install nonsystem, untrusted software (fetched from third part ftp > sites sometimes) as root. That software isn't really untrusted. Sure, the tarballs come from third party FTP servers. But the ports system checksums the tarballs to make sure they haven't been changed. I don't know if the security team audits ports, but they do issue alerts about them when problems are found. There are parts of the base system that come from third parties and get patched to be integrated into the base system. Why are the former less trustworthy than the latter? > i really don't think managing packages should require root access. Managing the software on the system clearly has to be a privileged operation - you don't want normal users to be able to delete files. Also, many packages - at first glance, mostly servers - want to install a new user that is going to own/manage their files. That requires priveleges that no normal user can have. Normal users can't even set the ownership of a file to someone else, which will cause problems. Some ports install files that are setuid root - they do warn you about it when they do - which again requires root privileges. Finally, the long-term goal is to have a package system that encompasses the base system. For example, X is available as a port/package. Many parts of the system are available in alternative versions in the ports, and at least one such package - uucp - has been tagged to be dropped from the base system. > i would like a way to do this with packages as well. again, what > permissions do i need to change other than the package database in /var > and the destination directories (it all goes in /usr/local, right?) ? As mentioned above, /usr/X11R6. Packages come from the FreeBSD mirrors, so why don't you trust them? http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message