Subject: Achieving unpriviledged builds in reverse?
To: None <>
From: Gary Thorpe <>
List: pkgsrc-users
Date: 05/10/2007 14:50:07

I do unpriviledge builds in pkgsrc for the software I have installed on
NetBSD and I am familiar with being prompted by su for the root
password for stages that require root prviledges. I am aware that sudo,
which isn't in the base system, can help reduce the number of prompts
(how?) and I was thinking of a way to achieve a similar result using

Would it be possible to do the priviledge operations in reverse? I.e.
dropping them when necessary instead of gaining them? What I was
thinking is:

1) when starting an unpriviledged build, su authenticates for root
priviledges once to start a priviledged parent
2) the parent has children which first drop these root priviledges for
those of the original user (using environment variable SU_FROM and su
[su can authenicate to a user with less priviledges right?]) to do
parts of the build which don't require them
3) the parent has children which keep their priviledges to do
priviledged parts of the build
4) the parent does not directly participate in the build process itself

How feasible is this? It would make unattended unpriviledged builds
easier (only one prompt at beginning) and possible faster (no stopping
to ask for same password over and over). An advantage over SUDO is that
it would not require host-wide configuration. If I want to work on it,
where do I start in the pkgsrc tree?

      Get news delivered with the All new Yahoo! Mail.  Enjoy RSS feeds right on your Mail page. Start today at