1 |
Alan McKinnon <alan@××××××××××××××××.za> writes: |
2 |
|
3 |
> It's more than that. It's the portage *BUILD*DIRECTORY* (which just |
4 |
> happens to be short-lived, not temp), that's where all your merges are |
5 |
> built. Just like you don't want to give just anyone the ability to |
6 |
> overwrite your binaries in /bin, you also don't want to give just |
7 |
> anyone the ability to overwrite the same binaries while they are being |
8 |
> built. |
9 |
|
10 |
But I think giving group and others proper read and execute access is |
11 |
safe enough. Like everybody can read things under /bin. |
12 |
|
13 |
> You can start by investigating the various sandbox and userpriv FEATURES |
14 |
> in make.conf (info in the portage man pages), |
15 |
|
16 |
I doubt they could solve the issue.. |
17 |
|
18 |
,----[ ls -l . | grep work ] |
19 |
| drwx------ 3 portage portage 80 Sep 3 10:43 work |
20 |
`---- |
21 |
|
22 |
,----[ ls work -l ] |
23 |
| drwxr-xr-x 21 root root 1432 Sep 3 10:50 emacs-unicode |
24 |
`---- |
25 |
|
26 |
The problematic part is `work' directory. It better give normal users rx |
27 |
access. |
28 |
|
29 |
> or set up your sudoers to allow you to run commands as portage (I |
30 |
> imagine you don't want to debug as root as permission bugs won't show |
31 |
> up) |
32 |
|
33 |
No, I don't want to run sudo here. |
34 |
|
35 |
-- |
36 |
William |
37 |
|
38 |
-- |
39 |
gentoo-user@g.o mailing list |