From owner-freebsd-ports@FreeBSD.ORG Tue Feb 8 22:13:29 2005 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 74A6F16A4D4; Tue, 8 Feb 2005 22:13:29 +0000 (GMT) Received: from out004.verizon.net (out004pub.verizon.net [206.46.170.142]) by mx1.FreeBSD.org (Postfix) with ESMTP id CC8ED43D1D; Tue, 8 Feb 2005 22:13:28 +0000 (GMT) (envelope-from reso3w83@verizon.net) Received: from ringworm.mechee.com ([4.26.84.7]) by out004.verizon.net ESMTP <20050208221328.ZCHR15146.out004.verizon.net@ringworm.mechee.com>; Tue, 8 Feb 2005 16:13:28 -0600 Received: by ringworm.mechee.com (Postfix, from userid 1001) id E28842CE7D6; Tue, 8 Feb 2005 14:09:26 -0800 (PST) From: "Michael C. Shultz" To: Ade Lovett Date: Tue, 8 Feb 2005 14:09:26 -0800 User-Agent: KMail/1.7.2 References: <200501190505.j0J55Jj2023425@freefall.freebsd.org> <200502081326.09576.reso3w83@verizon.net> <4209346F.3010801@FreeBSD.org> In-Reply-To: <4209346F.3010801@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200502081409.26582.reso3w83@verizon.net> X-Authentication-Info: Submitted using SMTP AUTH at out004.verizon.net from [4.26.84.7] at Tue, 8 Feb 2005 16:13:28 -0600 cc: ports@freebsd.org Subject: Re: Non-root port/package installs X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Feb 2005 22:13:29 -0000 On Tuesday 08 February 2005 01:51 pm, you wrote: > Michael C. Shultz wrote: > > If a port is prefix compliant and the prefix is set to the user's > > home directory then lowered privileges may be waranted, otherwise > > only root should be installing and removing ports IMHO. > > Conceptually, yes. The point of the followup is that it would > probably make more sense to have package building clusters run as a > non-privileged user. > > This would then show up ALL ports that need such modification for > pre-install/pre-su-install and post-install/post-su-install, and > fixes could be done tree-wide, rather than going on a piecemeal basis > which is likely to take considerably longer, and require considerably > more effort. And my point is, if a port is being installed or removed from anywhere other than the users own home it should fail. Seems like to test this idea of yours on the package build cluster would require trying to install and remove a port to the base system to make sure it fails, then to install and remove it from the non-privileged user's home to insure it succeeds. That is a unnecessary waste of time. This sounds like a function of the ports system to deal with, deciding privileges vs ability to install where and when. No need for individual ports to deal with this. -Mike