On 16/09/2015 00:36, Fernando Rodriguez wrote: > On Tuesday, September 15, 2015 10:25:15 PM Alan McKinnon wrote: >> On 15/09/2015 22:09, james wrote: >>> Hello, >>> >>> So looking at /etc/portage/repos.conf, it seems root.root owns these >>> files; shouldn't it be portage.portage? and /usr/portage >>> >>> That got me thinking. Everywhere that portage operates or owns >>> things, should the ownership not be portage.portage >>> and what would the typical permissions be? >> >> Here, all of /etc/portage is root:root >> The tree and all overlays are portage:portage >> >> You can make a local overlay owned by user you want, stuff you hack away >> at yourself should probably be james:james or james:users >> >> Typically, permissions in /etc/portage are the usual 755 for dirs and >> 644 for files >> >> I set overlays and the tree to be 2775 for dirs and 664 for files >> >>> >>> Is there a master list I can look at? Surely root not own all >>> these dirs, like /usr/portage/* ? My /usr/portage is root.root >>> and 755 on permissions, is that right? >> >> Permissions should be what YOU need them to be on your computer. There's >> a default, it's what portage makes them when you install stuff >> >>> >>> If so, why? >> >> Only root should change the master config files in /etc, just like in >> all other apps >> IIRC emerge can drop privs to a user account, if that user is portage >> then portage must own the files > > It is true that portage drops privileges to the portage account (unless the > ebuild has RESTRICT="userpriv" or I think FEATURES="-userpriv" on make.conf) > but it doesn't need to write to the portage tree except to the distfiles > directory so I don't know of any reason to have everything owned by > portage:portage if the perms are 755/644.
portage also syncs the tree. For that it needs write perms. > > Mine is owned by root:root because it got borked one time after a sync so I > deleted it and copied from another box manually. The only problem I ever had > is that a fetch failed, and I just chowned the distfiles dir to > portage:portage > to fix it. Only recently it was pointed to me on this list that it was > supposed > to be portage:portage. I never changed it back to portage:portage but I made > a > mental note not to forget about it in case of trouble, that way I'll learn > why > that's the default if/when something breaks :) Besides it offers some > (limited) > protection against an ebuild accidentally writing to your portage tree. > >>> >>> In my /usr/local/portage and it's subdirs where I hack on many >>> ebuild, portage.portage owns everything.....? >> >> Make your life easy, chaown that stuff to james > > I personally prefer root:root because I think it is more secure. If you let > somebody use your account even for a minute s/he could modify an ebuild > without a password to install whatever s/he wants next time you run an update. I'll argue that it's less secure. Giving someone else a gap to modify your ebuilds when you accidentally leave the computer unlocked is a rare event whereas you modifying your own ebuilds like james does is a common event. If an overlay is root:root then he has to be root every time he works on it. If he then commits that rare blunder of leaving the computer unlocked, Murphy says he'll do it with a root shell open. While it is entirely possible to have a rogue colleague install a dodgy ebuild, that attacker would have to know exactly what to install where and would have to have the ebuild on hand to slip it in during the very few minutes available. To my eye that's a very small window of opportunity and needs a perfect storm to pull it off = vanishingly small risk -- Alan McKinnon alan.mckin...@gmail.com
