Subject: Re: trusting cvs & pkgsrc
To: None <netbsd-users@NetBSD.org>
From: Michael Parson <firstname.lastname@example.org>
Date: 12/15/2005 14:23:31
On Thu, Dec 15, 2005 at 09:21:07PM +0100, Jan Danielsson wrote:
> Hello all,
> On my NetBSD system, I have a user called "pkgsrc", with a home
> directory /home/pkgsrc which is responsible for storing pkgsrc. I don't
> find this to be optimal. I would prefer to keep pkgsrc in /usr/pkgsrc,
> and have root own it.
> The reason I have created a pkgsrc user is because I don't trust cvs.
> If it runs amok, I want to limits its possibilities to do damage.
> Now I'm setting up a new NetBSD system. On it, I would prefer to not
> have a pkgsrc user. But I still don't trust cvs.
> Would it be possible to create a "jail" for sync:ing pkgsrc with
> root? I haven't used chroot:ed jails, but I assume that they are for
> doing what I want(?). Has anyone done what I want to do, and give some
> ...or am I overly paranoid for not trusting cvs?
> I love the "least possible rights" philisophy, and sync:ing pkgsrc
> really doesn't require root privileges.
Make pkgsrc's homedir be /usr/pkgsrc, do all your builds as the user
pkgsrc, till you need to install or update, then do that with sudo.