From owner-freebsd-questions  Tue Jul  2 11:08:32 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id LAA26682
          for questions-outgoing; Tue, 2 Jul 1996 11:08:32 -0700 (PDT)
Received: from mistery.mcafee.com (jimd@mistery.mcafee.com [192.187.128.69])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id LAA26677
          for <questions@FreeBSD.org>; Tue, 2 Jul 1996 11:08:30 -0700 (PDT)
Received: (from jimd@localhost) by mistery.mcafee.com (8.6.11/8.6.9) id LAA23381; Fri, 2 Jul 2010 11:26:09 -0700
From: Jim Dennis <jimd@mistery.mcafee.com>
Message-Id: <201007021826.LAA23381@mistery.mcafee.com>
Subject: Re: src tree owners
To: tcg@ime.net
Date: Fri, 2 Jul 110 11:26:09 -0700 (PDT)
Cc: fqueries@jraynard.demon.co.uk, dwhite@resnet.uoregon.edu,
        questions@FreeBSD.org
In-Reply-To: <31D9552A.2988@ime.net> from "Gary Chrysler" at Jul 2, 96 12:58:18 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

> 
> James Raynard wrote:
> > > > Is it safe to chown the src tree so one can use it without
> > > > having to be su.
> > > > Is there a `proper` way for this?
> > > Why?  You have to be su to write to anything in there by default (and I
> > > know this from many personal experieneces forgetting to su to root before
> > > editing my kernel config :-).
> > Erm, perhaps that was why he was asking? :-)
> 
> Thanks James.. :)
> 
> > In any event, you have to be root to be able to *install* anything
> > you've built from the source tree, so there doesn't seem to be a great
> > deal of point in changing it.
> 
> Yes, I understand the need to be root for install. No problem.
> But what about general editing of the source.
> I would like to make it so *I* don't have to su.
> It's very anoying to get into tweaking a source file, Go to save
> and it pops up `Read Only`!
> 
> I know, su'ing first will solve that problem.. :)
> 
> > On Unix, the `proper` way is for configuration files to be owned by
> > root - it's not a good idea to allow just anybody to change them!
> 
> I Agree! My question was/is about the Source tree!

	You might consider simply adding yourself to the 'bin' group
	(and setting the SGID bit on the directories).  The default
	configuration seems to leave the sources g+w and owned by 
	root.bin.

	In a multi-user environment you should consider installing
	tripwire and being particularly careful to monitor it for
	source tree changes.  Anyone who can get a simply change into
	any source file -- and get 'root' to build it can effectively
	take control of the entire system. (This is true of the system
	binaries as well -- but more insidious).

> -Enjoy
> Gary
> ~~~~~~~~~~~~~~~~
> Improve America's Knowledge... Share yours
> The Borg... Where minds meet
> (207) 929-3848