Hi Thorsten,

Limiting access to the expanded chroot is something that can be done.

I currently use a `build' group and have {mode 750, ug root:build} the build directory, where the base tgzs are unpacked as subdirectories, and {mode 2775, ug root:build} the result directory, so that pdebuild-internal can copy back the resulting debs. `build' group members are the developers that can use pbuilder. This is a separate group from the one that has sudo rights to run pbuilder (though both have the same members); its sole role is to allow write access to the result directory and read access to the build directory. I made this setup recently and maybe it needs some tuning (probably mode 775 for the result directory is enough), but so far packages build successfully with it.

However, this solution requires the creation of a system group during pbuilder's installation and setting permissions on the associated directories. Also, whoever uses a custom directory setup should afterwards set the above permissions accordingly.

/tmp/buildd is already preserved by the compatibility symlink code inside pbuilder, in the sense that it is there after the base tgz unpacking. Even if the compatibility code is removed, one can set BUILDDIR=/tmp/buildd in pbuilderrc and have it there, as long as BUILDDIR is always created during unpacking. That's why I have shipped the patch with the modified comments at that point.

Even if a choice is made for pbuilder to support limiting access to the expanded chroot, I believe that the chroot's temporary directories should be cleaned before creating the base tgz. Other things also go there (hookdir, pbuildersatisfydepends package, etc.) and, since by design these directories are for temporary stuff, persistence should not be anticipated.

Cheers,
Georgios

On Sat, 27 Apr 2024 at 5:10 PM, Thorsten Glaser <t...@mirbsd.de> wrote:
> Hi Georgios,
>
> why not just ensure the parent directory of the chroot is not
> traversable for just any normal user?
>
> That would allow preserving /tmp/buildd as build place as well
> as retaining stuff under /run which packages create and which
> is, in practice, often needed for chroots where initscripts are
> not run.
>
> In addition, I often do use the access to the /tmp in the chroot
> for debugging and bootstrapping, so maybe create a new system
> group, chown 0:_pbuilder /var/cache/pbuilder/build; chmod 0750
> that directory, and good is? (Untested.)
>
> Then, I could add my user to that group and continue doing so.
>
> bye,
> //mirabilos
> --
> "Cool, /usr/share/doc/mksh/examples/uhr.gz is a reason to
> install mksh on every system."
> -- XTaran at OpenRheinRuhr, quite enthusiastic
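The group-based scheme Georgios describes (build directory 0750 root:build, result directory 2775 root:build), written out as a setup script plus an audit that checks the two directories against the intended owner, group and mode. This is an added example, not code from pbuilder or from either participant in the thread. It assumes Debian's `addgroup`, GNU coreutils `stat` (`-c`) and `install`, and the default pbuilder paths `/var/cache/pbuilder/build` and `/var/cache/pbuilder/result`; the function names and the `BUILD_GROUP`/`BUILD_DIR`/`RESULT_DIR` variables are the example's own. The setgid bit in 2775 makes files created in the result directory inherit the `build` group instead of the creating process's group, which is the difference between 2775 and the 775 Georgios mentions as possibly sufficient.

```shell
#!/bin/sh
# Added example (not pbuilder's own code): group-restricted pbuilder
# directories, as a root-only setup step and a non-root audit.
# Assumes Debian addgroup, GNU coreutils stat/install, default pbuilder paths.
set -eu

BUILD_GROUP=${BUILD_GROUP:-build}
BUILD_DIR=${BUILD_DIR:-/var/cache/pbuilder/build}
RESULT_DIR=${RESULT_DIR:-/var/cache/pbuilder/result}

# Apply the scheme (must run as root): build/ is traversable only by root
# and the build group; result/ is group-writable and setgid so copied-back
# debs stay group-owned by the build group.
setup_pbuilder_perms() {
    getent group "$BUILD_GROUP" >/dev/null || addgroup --system "$BUILD_GROUP"
    install -d -o root -g "$BUILD_GROUP" -m 0750 "$BUILD_DIR"
    install -d -o root -g "$BUILD_GROUP" -m 2775 "$RESULT_DIR"
}

# Audit one directory against an expected "mode owner group" triple.
# $1 dir, $2 octal mode as `stat -c %a` prints it (750, 2775, ...),
# $3 owner name, $4 group name.  Returns 0 on match, 1 otherwise.
check_dir_perms() {
    dir=$1; want_mode=$2; want_owner=$3; want_group=$4
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    have=$(stat -c '%a %U %G' "$dir")
    if [ "$have" = "$want_mode $want_owner $want_group" ]; then
        echo "ok: $dir ($have)"
        return 0
    fi
    echo "mismatch: $dir has '$have', want '$want_mode $want_owner $want_group'"
    return 1
}

# Audit both directories; non-zero if either one deviates from the scheme.
audit_pbuilder_perms() {
    rc=0
    check_dir_perms "$BUILD_DIR" 750 root "$BUILD_GROUP" || rc=1
    check_dir_perms "$RESULT_DIR" 2775 root "$BUILD_GROUP" || rc=1
    return $rc
}

# Usage: ./pbuilder-perms.sh setup   (as root)
#        ./pbuilder-perms.sh audit   (any user who can stat the directories)
case ${1:-} in
    setup) setup_pbuilder_perms ;;
    audit) audit_pbuilder_perms ;;
esac
```

Running the audit as an ordinary user is enough to catch a custom-directory setup that forgot to apply the permissions: `stat` on the parent works without traversal rights, so a mismatch is reported even by a user who is not in the build group. Anyone who changes BUILDDIR or the result directory in pbuilderrc needs to pass the new paths via `BUILD_DIR`/`RESULT_DIR`, exactly as Georgios notes that custom setups must set the permissions themselves.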