Re: [gentoo-user] Question about initial/default ownership of /usr/portage - gentoo-user

From:	Alan McKinnon <alan.mckinnon@×××××.com>
To:	gentoo-user@l.g.o
Subject:	Re: [gentoo-user] Question about initial/default ownership of /usr/portage
Date:	Sat, 03 Oct 2015 08:41:25
Message-Id:	`560F948A.8020806@gmail.com`
In Reply to:	Re: [gentoo-user] Question about initial/default ownership of /usr/portage by Neil Bothwick

1

On 03/10/2015 10:26, Neil Bothwick wrote:

2

> On Fri, 2 Oct 2015 20:48:06 -0700, Raymond Jennings wrote:

3

>

4

>> Who is supposed to own /usr/portage?

5

>

6

> This was discussed in some detail two weeks ago. Search for the thread

7

> entitled "portage directory ownerships?".

8

>

9

>

10

11

12

There's an aspect of that we didn't discuss 2 weeks ago.

13

14

The answer to the OP's question is, as always, "it depends".

15

From man 5 make.conf, section "FEATURES":

16

17

              userfetch

18

                     When  portage  is  run  as root, drop privileges to

19

                     portage:portage  during  the  fetching  of  package

20

                     sources.

21

22

              userpriv

23

                     Allow  portage  to drop root privileges and compile

24

                     packages  as  portage:portage  without  a   sandbox

25

                     (unless usersandbox is also used).

26

27

              usersandbox

28

                     Enable  the sandbox in the compile phase, when run‐

29

                     ning without root privs (userpriv).

30

31

              usersync

32

                     Drop privileges to the owner of  ${repository_loca‐

33

                     tion}  for  emerge(1)  --sync operations. Note that

34

                     this feature assumes  that  all  subdirectories  of

35

                     ${repository_location}  have  the same ownership as

36

                     ${repository_location} itself.  It  is  the  user's

37

                     responsibility  to  ensure correct ownership, since

38

                     otherwise Portage would have to waste time validat‐

39

                     ing ownership for each and every sync operation.

40

41

42

So logically, if user* is in FEATURES then $PORTDIR should be

43

portage:portage

44

If emerge --sync is done as user alan, then all repos ($PORTDIR, local

45

overlays, layman overlays) need to be owned by alan:

46

47

if user* is not in FEATURES and everything gets run as root, then

48

PORTDIR, DISTDIR and so on can be root:root.

49

50

The point is, there really isn't a "owner:group /should/ be" rule for

51

portage data, the admin needs to make it whatever he needs it to be.

52

53

--

54

Alan McKinnon

55

alan.mckinnon@×××××.com

Gentoo Archives: gentoo-user

Replies

1	On 03/10/2015 10:26, Neil Bothwick wrote:
2	> On Fri, 2 Oct 2015 20:48:06 -0700, Raymond Jennings wrote:
3	>
4	>> Who is supposed to own /usr/portage?
5	>
6	> This was discussed in some detail two weeks ago. Search for the thread
7	> entitled "portage directory ownerships?".
8	>
9	>
10
11
12	There's an aspect of that we didn't discuss 2 weeks ago.
13
14	The answer to the OP's question is, as always, "it depends".
15	From man 5 make.conf, section "FEATURES":
16
17	userfetch
18	When portage is run as root, drop privileges to
19	portage:portage during the fetching of package
20	sources.
21
22	userpriv
23	Allow portage to drop root privileges and compile
24	packages as portage:portage without a sandbox
25	(unless usersandbox is also used).
26
27	usersandbox
28	Enable the sandbox in the compile phase, when run‐
29	ning without root privs (userpriv).
30
31	usersync
32	Drop privileges to the owner of ${repository_loca‐
33	tion} for emerge(1) --sync operations. Note that
34	this feature assumes that all subdirectories of
35	${repository_location} have the same ownership as
36	${repository_location} itself. It is the user's
37	responsibility to ensure correct ownership, since
38	otherwise Portage would have to waste time validat‐
39	ing ownership for each and every sync operation.
40
41
42	So logically, if user* is in FEATURES then $PORTDIR should be
43	portage:portage
44	If emerge --sync is done as user alan, then all repos ($PORTDIR, local
45	overlays, layman overlays) need to be owned by alan:
46
47	if user* is not in FEATURES and everything gets run as root, then
48	PORTDIR, DISTDIR and so on can be root:root.
49
50	The point is, there really isn't a "owner:group /should/ be" rule for
51	portage data, the admin needs to make it whatever he needs it to be.
52
53	--
54	Alan McKinnon
55	alan.mckinnon@×××××.com