| 1 |
Alan McKinnon <alan@××××××××××××××××.za> writes: |
| 2 |
|
| 3 |
> It's more than that. It's the portage *BUILD*DIRECTORY* (which just |
| 4 |
> happens to be short-lived, not temp), that's where all your merges are |
| 5 |
> built. Just like you don't want to give just anyone the ability to |
| 6 |
> overwrite your binaries in /bin, you also don't want to give just |
| 7 |
> anyone the ability to overwrite the same binaries while they are being |
| 8 |
> built. |
| 9 |
|
| 10 |
But I think giving group and others proper read and execute access is |
| 11 |
safe enough. Like everybody can read things under /bin. |
| 12 |
|
| 13 |
> You can start by investigating the various sandbox and userpriv FEATURES |
| 14 |
> in make.conf (info in the portage man pages), |
| 15 |
|
| 16 |
I doubt they could solve the issue.. |
| 17 |
|
| 18 |
,----[ ls -l . | grep work ] |
| 19 |
| drwx------ 3 portage portage 80 Sep 3 10:43 work |
| 20 |
`---- |
| 21 |
|
| 22 |
,----[ ls work -l ] |
| 23 |
| drwxr-xr-x 21 root root 1432 Sep 3 10:50 emacs-unicode |
| 24 |
`---- |
| 25 |
|
| 26 |
The problematic part is `work' directory. It better give normal users rx |
| 27 |
access. |
| 28 |
|
| 29 |
> or set up your sudoers to allow you to run commands as portage (I |
| 30 |
> imagine you don't want to debug as root as permission bugs won't show |
| 31 |
> up) |
| 32 |
|
| 33 |
No, I don't want to run sudo here. |
| 34 |
|
| 35 |
-- |
| 36 |
William |
| 37 |
|
| 38 |
-- |
| 39 |
gentoo-user@g.o mailing list |
Archives