1 |
On 10/02/2014 21:03, Walter Dnes wrote: |
2 |
> On Mon, Feb 10, 2014 at 05:09:55PM +0000, Stroller wrote |
3 |
>> |
4 |
>> On Mon, 10 February 2014, at 4:55 pm, Gleb Klochkov <glebiuskv@×××××.com> wrote: |
5 |
>> |
6 |
>>> Hi. Try to use sudo with no password for eix-sync. |
7 |
>> |
8 |
>> I'd really rather not. Thanks, though. |
9 |
> |
10 |
> Being in group "portage" is not enough. That merely lets you do |
11 |
> emerges with "--pretend". "emerge --sync" modifies files in |
12 |
> /usr/portage. Files and directories in /usr/portage/ are user:group |
13 |
> root:root. Therefore you *NEED* root-level permission to modify them. |
14 |
|
15 |
Not quite, it's not a cut and dried as that. If root chowns the files to |
16 |
a regular user, and that user then syncs, ownership remains with the |
17 |
user (as a regular user can't chown stuff and the owner must remain the |
18 |
user regardless of what the master tree reckons the owning uid is). |
19 |
|
20 |
If the tree is then synced by root, well then all the problems come back :-) |
21 |
|
22 |
|
23 |
|
24 |
|
25 |
> No ifs/ands/ors/buts. The overall easiest method is to (as root)... |
26 |
> * "emerge sudoers" if it's not installed |
27 |
> * "visudo -f /etc/sudoers.d/001" (or whatever you want to call the file) |
28 |
> * set up the file. Here's a fragment from my system, with user |
29 |
> "waltdnes" and machine name "i660" |
30 |
> waltdnes i660 = (root) NOPASSWD: /usr/sbin/hibernate |
31 |
> waltdnes i660 = (root) NOPASSWD: /sbin/fdisk -l |
32 |
> |
33 |
> I could manually type the command with sudo, but I'm lazy. In my |
34 |
> /home/waltdnes/bin directory, I have a file "hb" |
35 |
> |
36 |
> #!/bin/bash |
37 |
> sync |
38 |
> sleep 15 |
39 |
> sudo /usr/sbin/hibernate |
40 |
> |
41 |
> and file "fdl" |
42 |
> |
43 |
> #!/bin/bash |
44 |
> sudo /sbin/fdisk -l |
45 |
> |
46 |
> To sync the machine, I could add to /etc/sudoers.d/001 |
47 |
> |
48 |
> waltdnes i660 = (root) NOPASSWD: /usr/bin/emerge --sync |
49 |
> |
50 |
> and create (as waltdnes) /home/waltdnes/emsy |
51 |
> |
52 |
> #!/bin/bash |
53 |
> /usr/bin/emerge --sync |
54 |
> |
55 |
> For security, I strongly recommend that the full path of the |
56 |
> executable be specified, as well as any options. Do not use the $* |
57 |
> commandline parameter in the sudoers file. It probably works, but is |
58 |
> too wide open. |
59 |
> |
60 |
|
61 |
|
62 |
-- |
63 |
Alan McKinnon |
64 |
alan.mckinnon@×××××.com |