Subject: Re: pkg_comp runs everything as root
To: Steven M. Bellovin <firstname.lastname@example.org>
From: Christian Hattemer <email@example.com>
Date: 04/25/2006 12:21:06
On 24.04.06, you wrote:
> I'd like to do builds as non-root, but since builds generally recurse
> and install other packages, I don't see how that would work.
I've setup sudo with an extended cache time as SU_CMD. This works quite well
in normal pkgsrc builds. At the first install sudo will prompt for the
password and use it for later installing/packaging. You just have to keep
an eye on it, in case the build takes too long and the password times out
in sudo. It's not fully unattended, but works reasonably well, and non-root
most of the time.
However, when I got into trouble again during the last update with some
packages that wouldn't build while the previously installed ones were
already removed I swore not to do it this way anymore.
It should be quite easy to get the above way working in pkg_comp, but needs
some more work get pkg_comp itself to use sudo for setup of the
sysctl also looks interesting and is possibly simpler to use.
I'll have a look into that at the next opportunity and use pkg_comp as root
meanwhile then. I'm not about extensive security since it's only my personal
box, but I also don't want to take more risks than necessary.
Thanks for the ideas.