From owner-freebsd-stable Mon Dec 9 7:41:39 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B583E37B401 for ; Mon, 9 Dec 2002 07:41:37 -0800 (PST) Received: from mail.distalzou.net (203.141.139.231.user.ad.il24.net [203.141.139.231]) by mx1.FreeBSD.org (Postfix) with ESMTP id D26C843EC2 for ; Mon, 9 Dec 2002 07:41:31 -0800 (PST) (envelope-from devin@spamcop.net) Received: from localhost ([127.0.0.1]) by mail.distalzou.net with esmtp (Exim 3.36 #1) id 18LQ20-000Lvk-00; Tue, 10 Dec 2002 00:41:16 +0900 Date: Tue, 10 Dec 2002 00:41:16 +0900 (JST) From: Tod McQuillin X-X-Sender: devin@glass.pun-pun.prv To: Kenneth W Cochran Cc: freebsd-stable@freebsd.org Subject: Re: Non-root updating & building In-Reply-To: <200212091509.KAA56021362@shell.TheWorld.com> Message-ID: <20021210003716.V42280-100000@glass.pun-pun.prv> References: <200212091509.KAA56021362@shell.TheWorld.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, 9 Dec 2002, Kenneth W Cochran wrote: > What would be a/the Right Way(tm:) to separate the privelege > of updating/building vs installing world and/or ports? > > I've tracked -stable and -ports for a coupla-few years > now and have long noticed that updating (cvsup/cvs), > building (make) and installing (make install) require > being superuser to run (same with ports). > > So far, the "method" I can think of for this would be to > change either the owner or the filemode for /usr/src/* > and/or /usr/ports/*, update/build as non-root & install as > root. (Owner would be simpler I think, but I'm wondering > about things like being at odds with the likes of mtree > and friends.) Am I on the right track? > > Is there any OS support for this, for example, any knobs > in, say, make.conf to enable/configure/control this? For ports, I have never tried it, but if you use the portupgrade utilities, there is a --sudo command option which seems to imply that it runs as non-root where it can and uses sudo where it needs privileges. I would be interested to know if this actually works. For build/install world, it should work to make sure your /usr/src is readable and your /usr/obj writable by a non-root user. Of course you will need to be root to install to system directories. Disclaimer: I have not tried either of these ideas. Give it a try and see what happens. -- Tod McQuillin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message