On Sat, Jan 11, 2020 at 9:37 AM Dale <rdalek1967@×××××.com> wrote:
>
> I run emerge as root but the proper permissions, or at least was several
> years ago, is portage:portage and rwx access for both. This is my settings.

By default portage drops permissions to portage:portage during most
phases, including reading the repository (which requires executing
ebuilds and eclasses even for what are intended to be read-only
functions).

If every file in the repository isn't readable by portage, then you
will have problems.

Portage also drops permissions during syncing, so if you have files
that aren't modifiable by portage then that can also cause issues if
you sync.

In general it is best if everything is 664/775 portage:portage in the
repo. It is pretty easy to mess this up if you try to update the repo
manually, such as by running git pull as root in a git repo. If you
use emerge --sync to update then you won't have this problem. If
you've messed up permissions you can go fixing them with chown/chmod,
or you can just delete the whole repository directory tree and do an
emerge --sync to re-create it.

> If I recall correctly, if you
> add your user to the portage group, you can run a lot of commands as
> user.

Unless you have needed files set to be non-readable by everyone you
should be able to run read-only portage commands under any user, like
emerge --pretend. If you've locked anything down then being in the
portage group would obviously help with that, assuming you've done the
locking-down correctly.

> I think you have to be root to actually install something tho.

Obviously. Nothing in portage is suid so unless you've modified your
system to have a very non-conventional security model you can't go
installing almost anything as non-root. Portage drops permissions by
default during most operations, but not during install or running
install-related scripts.

--
Rich
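
The 664/775 portage:portage convention from the message above can be checked before a sync with a small audit. This is an added example, not part of the original post; the function name `audit_repo_perms`, its output labels and the demo tree are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original message): audit a repository tree
# against the convention above: owner portage:portage, files at least 664,
# directories at least 775.
#
# audit_repo_perms REPO [OWNER] [GROUP]   (function name is hypothetical)
# Prints one labelled line per offending path.
# Returns 0 if clean, 1 if anything was reported, 2 if REPO is not a directory.
audit_repo_perms() {
    repo=$1
    owner=${2:-portage}
    group=${3:-portage}
    [ -d "$repo" ] || { echo "not a directory: $repo" >&2; return 2; }

    report=$(
        # Wrong owner or group anywhere in the tree, .git included
        # (the typical result of running git pull as root).
        find "$repo" \( ! -user "$owner" -o ! -group "$group" \) -print |
            sed 's/^/owner: /'
        # Mode checks skip .git: git keeps its object files read-only by design.
        # "-perm -664" is true only when all of those bits are set.
        find "$repo" -name .git -prune -o -type f ! -perm -664 -print |
            sed 's/^/file-mode: /'
        find "$repo" -name .git -prune -o -type d ! -perm -775 -print |
            sed 's/^/dir-mode: /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed demo: run this file with the argument "demo".
if [ "${1:-}" = demo ]; then
    t=$(mktemp -d)
    mkdir -p "$t/cat/pkg"
    chmod 775 "$t" "$t/cat" "$t/cat/pkg"
    echo 'EAPI=7' > "$t/cat/pkg/pkg-1.ebuild"
    chmod 600 "$t/cat/pkg/pkg-1.ebuild"      # unreadable to group and others
    audit_repo_perms "$t" "$(id -u)" "$(id -g)"
    rm -rf "$t"
fi
```

On a real system, pass only the repository path so the portage:portage defaults apply; each reported line names a path that needs chown or chmod.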