| 1 |
On Sat, Jan 11, 2020 at 9:37 AM Dale <rdalek1967@×××××.com> wrote: |
| 2 |
> |
| 3 |
> I run emerge as root but the proper permissions, or at least was several |
| 4 |
> years ago, is portage:portage and rwx access for both. This is my settings. |
| 5 |
|
| 6 |
By default portage drops permissions to portage:portage during most |
| 7 |
phases, including reading the repository (which requires executing |
| 8 |
ebuilds and eclasses even for what are intended to be read-only |
| 9 |
functions). |
| 10 |
|
| 11 |
If every file in the repository isn't readable by portage, then you |
| 12 |
will have problems. |
| 13 |
|
| 14 |
Portage also drops permissions during syncing, so if you have files |
| 15 |
that aren't modifiable by portage then that can also cause issues if |
| 16 |
you sync. |
| 17 |
|
| 18 |
In general it is best if everything is 664/775 portage:portage in the |
| 19 |
repo. It is pretty easy to mess this up if you try to update the repo |
| 20 |
manually, such as by running git pull as root in a git repo. If you |
| 21 |
use emerge --sync to update then you won't have this problem. If |
| 22 |
you've messed up permissions you can go fixing them with chown/chmod, |
| 23 |
or you can just delete the whole repository directory tree and do an |
| 24 |
emerge --sync to re-create it. |
| 25 |
|
| 26 |
> If I recall correctly, if you |
| 27 |
> add your user to the portage group, you can run a lot of commands as |
| 28 |
> user. |
| 29 |
|
| 30 |
Unless you have needed files set to be non-readable by everyone you |
| 31 |
should be able to run read-only portage commands under any user, like |
| 32 |
emerge --pretend. If you've locked anything down then being in the |
| 33 |
portage group would obviously help with that, assuming you've done the |
| 34 |
locking-down correctly. |
| 35 |
|
| 36 |
> I think you have to be root to actually install something tho. |
| 37 |
|
| 38 |
Obviously. Nothing in portage is suid so unless you've modified your |
| 39 |
system to have a very non-conventional security model you can't go |
| 40 |
installing almost anything as non-root. Portage drops permissions by |
| 41 |
default during most operations, but not during install or running |
| 42 |
install-related scripts. |
| 43 |
|
| 44 |
-- |
| 45 |
Rich |
Archives