Date: Mon, 9 Dec 2002 16:51:28 +0100 From: Stijn Hoop <stijn@win.tue.nl> To: Tod McQuillin <devin@spamcop.net> Cc: Kenneth W Cochran <kwc@theworld.com>, freebsd-stable@freebsd.org Subject: Re: Non-root updating & building Message-ID: <20021209155128.GJ24022@pcwin002.win.tue.nl> In-Reply-To: <20021210003716.V42280-100000@glass.pun-pun.prv> References: <200212091509.KAA56021362@shell.TheWorld.com> <20021210003716.V42280-100000@glass.pun-pun.prv>
next in thread | previous in thread | raw e-mail | index | archive | help
--VSaCG/zfRnOiPJtU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Dec 10, 2002 at 12:41:16AM +0900, Tod McQuillin wrote: > On Mon, 9 Dec 2002, Kenneth W Cochran wrote: > > What would be a/the Right Way(tm:) to separate the privelege > > of updating/building vs installing world and/or ports? I think it is. > > I've tracked -stable and -ports for a coupla-few years > > now and have long noticed that updating (cvsup/cvs), > > building (make) and installing (make install) require > > being superuser to run (same with ports). > > > > So far, the "method" I can think of for this would be to > > change either the owner or the filemode for /usr/src/* > > and/or /usr/ports/*, update/build as non-root & install as > > root. (Owner would be simpler I think, but I'm wondering > > about things like being at odds with the likes of mtree > > and friends.) Am I on the right track? Yes that's what I use. 'make' as non-root, 'make install' as root. > > Is there any OS support for this, for example, any knobs > > in, say, make.conf to enable/configure/control this? WRKDIRPREFIX comes in handy, as does DISTDIR. See below. > I have never tried it, but if you use the portupgrade utilities, there is > a --sudo command option which seems to imply that it runs as non-root > where it can and uses sudo where it needs privileges. >=20 > I would be interested to know if this actually works. It works perfectly with one catch: RUN_DEPENDS actually only gets build when doing a make install. This is why you sometimes still have root buildi= ng a port, if you're not careful to install the depends yourself (or let portupgrade do them using -R). > For build/install world, it should work to make sure your /usr/src is > readable and your /usr/obj writable by a non-root user. Of course you > will need to be root to install to system directories. And for a totally read-only source tree you can now (just recently MFC'd) s= et KERNCONFDIR=3D/etc or some such and don't even need to edit the kernel configuration below /usr/src. When reinstalling a system, I create a new user to own the ports/src trees, set WRKDIRPREFIX and DISTDIR in /etc/make.conf to somewhere I can write as 'stijn', and do port builds and buildworlds as 'stijn'. Only my cvsup script uses the new 'src' user. portupgrade -s (=3D=3D use sudo) works great in th= is setup. --Stijn --=20 The rain it raineth on the just And also on the unjust fella, But chiefly on the just, because The unjust steals the just's umbrella. --VSaCG/zfRnOiPJtU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE99LwAY3r/tLQmfWcRAqlUAJ9ZNrjyBu/Z70QxER9LzrLGexdwrQCggZSc Vpm0vgeVbw7RLi/zX0bRy40= =Z0sv -----END PGP SIGNATURE----- --VSaCG/zfRnOiPJtU-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021209155128.GJ24022>