Subject: Re: trusting cvs & pkgsrc
To: None <netbsd-users@NetBSD.org>
From: Michael Parson <mparson@bl.org>
List: netbsd-users
Date: 12/15/2005 14:23:31
On Thu, Dec 15, 2005 at 09:21:07PM +0100, Jan Danielsson wrote:
> Hello all,
> 
>    On my NetBSD system, I have a user called "pkgsrc", with a home
> directory /home/pkgsrc which is responsible for storing pkgsrc. I don't
> find this to be optimal. I would prefer to keep pkgsrc in /usr/pkgsrc,
> and have root own it.
> 
>    The reason I have created a pkgsrc user is because I don't trust cvs.
> If it runs amok, I want to limits its possibilities to do damage.
> 
>    Now I'm setting up a new NetBSD system. On it, I would prefer to not
> have a pkgsrc user. But I still don't trust cvs.
> 
>    Would it be possible to create a "jail" for sync:ing pkgsrc with
> root? I haven't used chroot:ed jails, but I assume that they are for
> doing what I want(?). Has anyone done what I want to do, and give some
> pointers?
> 
> ...or am I overly paranoid for not trusting cvs?
> 
>    I love the "least possible rights" philisophy, and sync:ing pkgsrc
> really doesn't require root privileges.

Make pkgsrc's homedir be /usr/pkgsrc, do all your builds as the user
pkgsrc, till you need to install or update, then do that with sudo.

-- 
Michael Parson
mparson@bl.org