On Mon Jul 21, 2003 at 12:53:39PM -0700, Jerry Talkington wrote: > > I think it would be very useful if it would make sure to execute that > > build as a user, instead of the superuser; and do installations > > (of course) as superuser. > > The problem with that is some packages assume that they are being built > by root, and do some things such as set the ulimit and change the owner > of installed files to root (which is silly in most cases, since they > would already be owned by root.) > > Personally, I would love to see a movement away from requiring root > privileges except where absolutely needed. This would provide for > greater security, not to mention the convenience of multiple fink > installs, especially with the fast user switching in Panther.
This shouldn't be difficult at all. Many Linux distributions, (and I know of Mandrake in particular) don't build *anything* as root. All rpm packages are built as a regular user. Yes, it may require patching Makefiles and what have you, and yes sometimes it can be a PITA, but it's the right way to do it (I think). root privs should only be required to install, not compile. It's also safer to build as a user than root (unless you chroot the build environment which is next to impossible without duplicating a lot of stuff). I can't imagine the fink system being that difficult to deal with user builds rather than root builds, and I imagine that debian likely follows this procedure for building .deb packages as well. In fact, in over 3 years of dealing and packaging for Mandrake, the only rpm that I was absolutely unable to do as a user was qmail and that was due to the licensing restrictions and not being able to patch it. So it can definitely be done. =) -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature
