On Wed, 5 Mar 2003 17:15:26 +0000 Ales Stibal <[EMAIL PROTECTED]> wrote:
> Hello there,
> someone posted here security note for emerge. I appreciate
> this question, because I wonder emerge is running as root all the
> time?
>
> Why not to setuid only while downloading and compiling?
> For example emerge user/group will write to /usr/portage/distfiles and
> building directory ...
>
> Any comments? I hope this was not asked already ;c)
>
> I am new to Gentoo, using it just 4 days ... but I am finding Gentoo one
> of the best distros I've ever seen.
>
>
> Thanx, Astib();

Latest version of portage creates a make.conf in your /etc directory with
the following comments in it. Note the userpriv option:

# FEATURES are settings that affect the functionality of portage. Most of
# these settings are for developer use, but some are available to non-
# developers as well. 'buildpkg' is an always-on setting for the emerge
# flag of the same name. It causes binary packages to be created of all
# packages that are merged. 'distcc' enables distcc support for via CC.
# 'userpriv' allows portage to drop root privileges while it is compiling
# as a security measure, and as a side effect this can remove sandbox
# access violations for users. 'usersandbox' enables sandboxing while
# portage is running under userpriv. 'noclean' prevents portage from
# removing the source and temporary files after a merge -- for debugging
# purposes only. 'noauto' is a feature which causes ebuild to perform the
# action requested and not any other required actions like clean or unpack
# -- for debugging purposes only.
#FEATURES="sandbox buildpkg ccache distcc userpriv usersandbox noclean noauto"

Andrew
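The FEATURES line quoted in the reply above is commented out, so the following added example (not part of the original message and not Portage's own code) checks whether an uncommented FEATURES assignment in a make.conf-style file lists userpriv and usersandbox. The function names and sample files are constructed for illustration, and it assumes only this one file and the literal FEATURES="..." form matter; variable references are not expanded.

```shell
#!/bin/sh
# Added example: does a make.conf-style file actually enable privilege dropping?

# Print the value of the last uncommented FEATURES="..." assignment in file $1.
# The value may wrap across lines inside the quotes. Nothing is evaluated.
effective_features() {
    awk '
        /^[ \t]*#/ && !open { next }                 # skip commented-out lines
        !open && /^[ \t]*FEATURES="/ {               # start of an assignment
            sub(/^[ \t]*FEATURES="/, ""); val = ""; open = 1
        }
        open {
            i = index($0, "\"")
            if (i > 0) { val = val " " substr($0, 1, i - 1); open = 0; last = val }
            else       { val = val " " $0 }
        }
        END { gsub(/[ \t]+/, " ", last); sub(/^ /, "", last); print last }
    ' "$1"
}

# Return 0 if feature $2 is listed as a whole word in the FEATURES of file $1.
has_feature() {
    for f in $(effective_features "$1"); do
        [ "$f" = "$2" ] && return 0
    done
    return 1
}

# Report on the two privilege-related features named in the quoted comments.
audit_privdrop() {
    rc=0
    for want in userpriv usersandbox; do
        if has_feature "$1" "$want"; then echo "ok: $want is enabled"
        else echo "MISSING: $want is not enabled"; rc=1; fi
    done
    return $rc
}

# Constructed sample files (not taken from a real system).
tmp=$(mktemp -d)
printf '%s\n' '#FEATURES="sandbox buildpkg userpriv usersandbox"' > "$tmp/commented.conf"
printf '%s\n' 'FEATURES="sandbox ccache' '          userpriv usersandbox"' > "$tmp/enabled.conf"
audit_privdrop "$tmp/commented.conf" || true   # both reported MISSING
audit_privdrop "$tmp/enabled.conf"  || true    # both reported ok
rm -rf "$tmp"
```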