Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 30 Dec 2005 12:15:46 +0300
From:      "Eygene A. Ryabinkin" <freebsd@rea.mbslab.kiae.ru>
To:        ?d?m Szilveszter <adamsz@mailpont.hu>
Cc:        freebsd-current@freebsd.org
Subject:   Re: fetch extension - use local filename from content-disposition header
Message-ID:  <20051230091546.GL895@rea.mbslab.kiae.ru>
In-Reply-To: <2440.193.68.33.1.1135932286.squirrel@193.68.33.1>
References:  <20051229193328.A13367@cons.org> <20051230021602.GA9026@pit.databus.com> <43B498DF.4050204@cyberwang.net> <43B49B22.7040307@gmail.com> <20051229220403.A16743@cons.org> <20051230053906.GA75942@pit.databus.com> <2440.193.68.33.1.1135932286.squirrel@193.68.33.1>

next in thread | previous in thread | raw e-mail | index | archive | help
 A bit offtopic, but...

> However, when I mentioned this on -security in a thread
> (about trusting trust) all I got back was that it was difficult to make
> sure that all ports build as normal user. Which of course does not explain
> fetching as root at all, but hey.
 OK, actually you can fetch as non-root: just make /usr/ports/distfiles
writeable to the user (or group) that should be able to fetch the
packages. The same holds for the source compilation: give the write
permissions to the port's directory. 'make  install' switches to the root
account via 'su', so you can just issue 'make install' and the build
scripts will do the trick. The price is also known: you'll need to supply
the root password for each package. And this will cause the major pain to
the portupgrade users -- it is not so easy to teach portupgrade to do its
job from the non-root account. It can be done, but you'll still need to
supply root password for every package at least two times.

 In principle, portupgrade and make scripts can be rearranged to be started
as root, but to drop the privileges for the fetching and building via the
creation of child and the setuid() call (su will help). Was such feature
already discuissed and is it desirable?
-- 
 rea

BOFH excuse #121:
halon system went off and killed the operators



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051230091546.GL895>