From: Mark Linimon
Date: Fri, 15 Feb 2013 14:53:39 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r40974 - head/en_US.ISO8859-1/articles/portbuild

Author: linimon
Date: Fri Feb 15 14:53:38 2013
New Revision: 40974
URL: http://svnweb.freebsd.org/changeset/doc/40974

Log:
  Move the privsep section up to the top of the document. No textual change.

Modified:
  head/en_US.ISO8859-1/articles/portbuild/article.xml

Modified: head/en_US.ISO8859-1/articles/portbuild/article.xml ============================================================================== --- head/en_US.ISO8859-1/articles/portbuild/article.xml Fri Feb 15 14:49:56 2013 (r40973) +++ head/en_US.ISO8859-1/articles/portbuild/article.xml Fri Feb 15 14:53:38 2013 (r40974)
@@ -158,6 +158,51 @@ found in CVS. + + + Notes on privilege separation + + As of January 2013, a rewrite is in progress to further separate + privileges. The following concepts are introduced: + + + + Server-side user portbuild assumes all + responsiblity for operations involving builds and communicating + with the clients. This user no longer has access to + sudo. + + + + Server-side user srcbuild is created + and given responsiblity for operations involving both VCS + operations and anything involving src builds for the clients. + This user does not have access to + sudo. + + + + The server-side + ports-arch + users go away. + + + + None of the above server-side users have + ssh keys. Individual + portmgr will accomplish all those + tasks using ksu. (This is + still work-in-progress.) + + + + The only client-side user is also named + portbuild and still has access to + sudo for the purpose of managing + jails. + + + @@ -2428,51 +2473,6 @@ zfs destroy -r a/snap/src-o Please talk to Mark Linimon before making any changes to this section. - - Notes on privilege separation - - As of January 2013, a rewrite is in progress to further separate - privileges. The following concepts are introduced: - - - - Server-side user portbuild assumes all - responsiblity for operations involving builds and communicating - with the clients. This user no longer has access to - sudo. - - - - Server-side user srcbuild is created - and given responsiblity for operations involving both VCS - operations and anything involving src builds for the clients. - This user does not have access to - sudo. - - - - The server-side - ports-arch - users go away. - - - - None of the above server-side users have - ssh keys. Individual - portmgr will accomplish all those - tasks using ksu. (This is - still work-in-progress.) - - - - The only client-side user is also named - portbuild and still has access to - sudo for the purpose of managing - jails. - - - - Basic installation
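
Review bot: "responsiblity" is misspelled in both the portbuild and srcbuild items of the block added at line 158. The log says this is a move with no textual change, so keeping the added and removed blocks identical is right for this commit; correct the spelling to "responsibility" in a separate follow-up. In the same block, the item saying none of the server-side users have ssh keys states that individual portmgr members will do "all those tasks" using ksu, but no tasks are named in that item, so a follow-up should spell out which operations are meant. The two "work in progress" statements ("As of January 2013" and "This is still work-in-progress") now sit near the top of the article, so they should be revisited once the privilege-separation rewrite lands.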