On Monday 03 September 2007, William Xu wrote:
> Rumen Yotov <rumen@××××××.org> writes:
> > Maybe because this directory is meant to be used by portage only.
>
> Since it's just a tmp dir, only allowing portage user to read seems
> too strict.

It's more than that. It's the portage *BUILD*DIRECTORY* (which just
happens to be short-lived, not temp), that's where all your merges are
built. Just like you don't want to give just anyone the ability to
overwrite your binaries in /bin, you also don't want to give just
anyone the ability to overwrite the same binaries while they are being
built.

This is a very good and valid use of the healthy paranoia that unix
admins are supposed to be born with.

You can start by investigating the various sandbox and userpriv FEATURES
in make.conf (info in the portage man pages), or set up your sudoers to
allow you to run commands as portage (I imagine you don't want to debug
as root as permission bugs won't show up).

alan

--
Optimists say the glass is half full,
Pessimists say the glass is half empty,
Developers say wtf is the glass twice as big as it needs to be?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
--
gentoo-user@g.o mailing list
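
The concern raised in the message above, that nobody but the build user should be able to overwrite files while they are being built, can be checked with a short audit of the build tree. This is an added example, not part of the original message and not Portage code; the function name, the reason labels and the demo tree are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_build_tree(root, owner_uid, trusted_gid=None):
    """Return sorted (relative_path, reason) pairs for every entry under
    root that a user other than owner_uid could modify or replace."""
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat: inspect the entry itself, never a link target
        rel = os.path.relpath(path, root)
        if st.st_uid != owner_uid:
            findings.append((rel, "foreign-owner"))
        if stat.S_ISLNK(st.st_mode):
            return  # permission bits on a symlink carry no meaning on Linux
        if st.st_mode & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
        if st.st_mode & stat.S_IWGRP and st.st_gid != trusted_gid:
            findings.append((rel, "group-writable"))

    check(root)
    # os.walk does not descend into symlinked directories by default.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed stand-in for a build directory; not a real Portage tree.
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o700)
        work = os.path.join(root, "work")
        os.mkdir(work)
        os.chmod(work, 0o755)
        binary = os.path.join(work, "ls")
        open(binary, "w").close()
        os.chmod(binary, 0o777)  # anyone could swap this file mid-build
        for rel, reason in audit_build_tree(root, os.getuid()):
            print(f"{reason:15} {rel}")
```

The audit covers only the tree below `root`; a writable ancestor directory would let another user replace the whole tree, so the parents need the same check.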