Date: Fri, 30 Dec 2005 12:15:46 +0300 From: "Eygene A. Ryabinkin" <freebsd@rea.mbslab.kiae.ru> To: ?d?m Szilveszter <adamsz@mailpont.hu> Cc: freebsd-current@freebsd.org Subject: Re: fetch extension - use local filename from content-disposition header Message-ID: <20051230091546.GL895@rea.mbslab.kiae.ru> In-Reply-To: <2440.193.68.33.1.1135932286.squirrel@193.68.33.1> References: <20051229193328.A13367@cons.org> <20051230021602.GA9026@pit.databus.com> <43B498DF.4050204@cyberwang.net> <43B49B22.7040307@gmail.com> <20051229220403.A16743@cons.org> <20051230053906.GA75942@pit.databus.com> <2440.193.68.33.1.1135932286.squirrel@193.68.33.1>
next in thread | previous in thread | raw e-mail | index | archive | help
A bit offtopic, but... > However, when I mentioned this on -security in a thread > (about trusting trust) all I got back was that it was difficult to make > sure that all ports build as normal user. Which of course does not explain > fetching as root at all, but hey. OK, actually you can fetch as non-root: just make /usr/ports/distfiles writeable to the user (or group) that should be able to fetch the packages. The same holds for the source compilation: give the write permissions to the port's directory. 'make install' switches to the root account via 'su', so you can just issue 'make install' and the build scripts will do the trick. The price is also known: you'll need to supply the root password for each package. And this will cause the major pain to the portupgrade users -- it is not so easy to teach portupgrade to do its job from the non-root account. It can be done, but you'll still need to supply root password for every package at least two times. In principle, portupgrade and make scripts can be rearranged to be started as root, but to drop the privileges for the fetching and building via the creation of child and the setuid() call (su will help). Was such feature already discuissed and is it desirable? -- rea BOFH excuse #121: halon system went off and killed the operators
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051230091546.GL895>