From owner-freebsd-stable@FreeBSD.ORG Mon Feb 26 21:31:04 2007 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 301F616A4C7 for ; Mon, 26 Feb 2007 21:31:04 +0000 (UTC) (envelope-from sem@FreeBSD.org) Received: from mail.ciam.ru (ns.ciam.ru [213.247.195.75]) by mx1.freebsd.org (Postfix) with ESMTP id 39B1013C428 for ; Mon, 26 Feb 2007 21:30:56 +0000 (UTC) (envelope-from sem@FreeBSD.org) Received: from [87.240.16.199] (helo=[192.168.0.4]) by mail.ciam.ru with esmtpa (Exim 4.x) id 1HLn4m-000A8b-GQ; Tue, 27 Feb 2007 00:08:04 +0300 Message-ID: <45E34C13.6040108@FreeBSD.org> Date: Tue, 27 Feb 2007 00:07:31 +0300 From: Sergey Matveychuk User-Agent: Thunderbird 1.5.0.9 (X11/20070124) MIME-Version: 1.0 To: "Julian C. Dunn" References: <20070226111603.P87234@aphrodite.acf.aquezada.com> In-Reply-To: <20070226111603.P87234@aphrodite.acf.aquezada.com> Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 7bit Cc: freebsd-stable@freebsd.org Subject: Re: problems with portupgrade under non-root user X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Feb 2007 21:31:05 -0000 Julian C. Dunn wrote: > I want to set up a FreeBSD system so that all portupgrades are done by a > "portbld" user, which has restricted 'sudo' rights to execute only > portupgrade-related commands. To that end, I did the following: > > $ sudo chown -R portbld:portbld /usr/ports > $ sudo chown -R portbld:portbld /var/db/sup/ports-all > $ cd /usr/ports && sudo -u portbld make update > (cvsup runs) > (add 'portbld' to sudoers with NOPASSWD: ALL for now) > $ sudo -u portbld portupgrade -s dovecot You need root at least for port install. > > Unfortunately this last step doesn't work: ruby dumps core: > > Making all in doc > cat dovecot-config.in|sed "s|moduledir=|moduledir=/usr/local/lib/dovecot|" >> dovecot-config > ** Listing the failed packages (*:skipped / !:failed) > ! mail/dovecot (dovecot-1.0.r22) (Permission denied) > ---> Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed > /usr/local/sbin/portupgrade:2084: [BUG] Segmentation fault > ruby 1.8.5 (2006-12-25) [i386-freebsd6] > > Abort trap: 6 (core dumped) /var/db/pkg and var/db/ports must be writable for the user too. -- Dixi. Sem.