On 07/11/2012 11:48 AM, Guy Dalziel wrote:
> On Wed, Jul 11, 2012 at 10:32:43AM -0500, Bruce Dubbs wrote:
>> Guy Dalziel wrote:
>>
>>> Can anyone recall why we don't build as root in the first place? As far
>>> as my memory serves me, it's to do with how the permissions are set
>>> during compiling.
>> It's for general protection against typos that can ruin your whole day.
> Well there is that, but I thought there was a reason beyond that. You're
> right, though: I once wiped out my entire website that way, and I had to
> recode the entire thing from scratch. I can see the sense in proposing
> 'sudo' as a solution as I've previously used 'su -c' before and put my
> password in for every loop, but most of the time I just build it as
> root.
Well, you never know what is in a new version of a package, mistakes
happen. An unfortunate misplacement of a space in some command like "rm
-rf /usr/lib/some-package-${version}/lib/data/blah" could wreak major
havok (numerous places where a space in that example could be a
problem). If run not as root, then it is no problem at all. Using sudo
for make install does absolutely nothing to protect against that, but it
does take the two larger portions of a package build out of the equation
which drastically reduces the potential for errors. When not using a
scripted build, I usually install to DESTDIR first anyway, or at least
munge the prefix if the option isn't available, so that I can
haphazardly audit what the install target does before running it as
root. While I don't consider that completely safe, I do attempt to limit
the risk at least somewhat, but that is only for packages that aren't
already in the book. If another editor has already updated the book, I
have a reasonable expectation that they've dome similar and nothing bad
happened to them. :-)
-- DJ Lucas
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
--
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
