Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-alt
Navigation:
Lists: gentoo-alt: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-alt@g.o
From: Armando Di Cianno <armando@...>
Subject: Re: [prefix][linux] permission problem merging apr-util on linux
Date: Wed, 11 Apr 2007 09:04:29 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Apr 11, 2007, at 6:05 AM, Michael Haubenwallner wrote:
> Thing is that 'chown -R root:0' works on linux, while on non-linux it
> does not.
>
> I'm unsure how to do in prefix:
> 1) avoid chown in prefix (as the patch does currently)
> 2) chown to "$PORTAGE_INST_USER:$PORTAGE_INST_GID" instead of "root:0"

This has been perennial question for me, since I starting moving many  
ebuilds to prefix, so I'd like to start a discussion on it.

Obviously, user-privilege use of prefix-portage is sort the main way,  
as far as I can tell, that people use it right now.  As a hack -- and  
as I mainly work on Darwin, atm -- I've been wrapping or skipping  
chown/chmod/fperms/etceteras calls in 'if [ "${KERNEL}" ==  
"Darwin" ]', and ewarn'ng that "this operation is not happening'.   
This has worked -- as a hack --but raises some questions: if a  
package requires a change of permission for security reasons,  
especially, it can be considered blatantly wrong to _not_ be doing  
the change of permissions.

Also, I'd like prefix-portage to work in the classic way as root, or  
with sudo, as well as fully working for a normal, non-privileged user.

Now, a number of packages simply want to ensure that they have a user  
to run as, and the directories/homes/whatever are owned by that  
user.  In this case, working with user privileges, it's easy enough  
to ensure installed files bear the permissions of the user running  
emerge.

For packages that practically *require* permission changes, I suggest  
something like the following; if we can inject userpriv as the  
'default' into FEATURES, we can simply RESTRICT these temperamental- 
security-wise ebuilds with userpriv.

If we do something like the above, we can easily move all the chown/ 
chmod/fperms calls to "echown, echmod, efperms" and have these  
decisions happen in the background (or tossing an error that sudo is  
required or something).

Specifics aside, I'd like to know if this is generally the idea most  
of us have in our heads about how prefix-portage should work.  And  
then, specifically, I wonder if we can co-opt 'userpriv' in that way,  
since it seems pretty apt to be used in this fashion.

__armando
aka fafhrd

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)

iD8DBQFGHNzg1uuRqaoClwIRAhBUAJoCap/qHrjoWgmqX13hUmNhTFWHEgCeJT3D
AlUApd1EWMQ1DhskjYjVvP4=
=s+bC
-----END PGP SIGNATURE-----
-- 
gentoo-alt@g.o mailing list


Replies:
Re: [prefix][linux] permission problem merging apr-util on linux
-- Fabian Groffen
References:
[prefix][linux] permission problem merging apr-util on linux
-- Michael Haubenwallner
Navigation:
Lists: gentoo-alt: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
[prefix][linux] permission problem merging apr-util on linux
Next by thread:
Re: [prefix][linux] permission problem merging apr-util on linux
Previous by date:
Re: Re: AIX: grep .gettext
Next by date:
Re: [prefix][linux] permission problem merging apr-util on linux


Updated Jun 17, 2009

Summary: Archive of the gentoo-alt mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.