Date: Fri, 12 Feb 1999 19:02:57 -0800 (PST) From: Brian Behlendorf <brian@hyperreal.org> To: questions@FreeBSD.ORG Subject: q about ports, root, security Message-ID: <Pine.BSF.4.05.9902121852150.15344-100000@pez.hyperreal.org>
next in thread | raw e-mail | index | archive | help
Maybe this is more appropriate for ports@, or security@, or something else; I didn't find anything relevant to this thread in the mail archives. It seems to me that the modus operandi for ports installation is to do the build and the install as root. It's possible to do the build as another user, but the install step almost always needs root, and the install step can sometimes trigger the installation of dependency ports, which sometimes means building those ports as root. It's generally considered a Good Thing to do as little as possible as root. I can certainly scrutinize a "make install" step if it's important to me; scrutinizing the entire build process is another issue entirely. It seems like we could come up with a solution for building ports where the port builds were executed as another user - user "ports"? user "nobody"? - if the original "make" was being done by root. Or, we could somehow enforce that a "make" will always build dependency ports, and a "make install" will only install those dependencies (or won't automatically install any, though that's a loss of nice functionality). Is this worth worrying about? I know a common target of derision are those new users who log in and send/receive mail and browser the web as "root" when using a desktop Unix; well, if we reduce the amount of time they need to spend as root, maybe they won't need to be it so much... Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9902121852150.15344-100000>