On Sunday, 1 March 2026 at 22:52, Stuart Henderson <[email protected]> wrote:
> On 2026/03/01 20:38, [email protected] wrote:
> > permit nopass setenv { \
> > FTPMODE PKG_CACHE PKG_PATH SM_PATH SSH_AUTH_SOCK \
> > DESTDIR DISTDIR FETCH_CMD FLAVOR GROUP MAKE MAKECONF \
> > MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \
> > PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \
> > PORTS_TREE_OWNER FAKE_TREE_OWNER PORTSDIR \
> > SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc
>
> security-wise, if your normal user account is in wsrc, this is pretty
> much equivalent to running as root
>

Only have privsep_user in the wsrc and not the normal user accounts, to only have that one privsep_user do fetching, building, and packaging. Should I comment this instead, reduce this, or use something else in a PORTS_PRIVSEP=Yes configuration? Or is adding (with or w/o nopass) permit keepenv privsep_user as root cmd pkg_add not changing what that one user, who is not a normal account, can already do? I like the convenience, but am willing to forgo if that is best (or better) security workflow. Does my query make sense?
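
Added example, not part of the original thread or anyone's own code: a Python check for the condition raised in the quoted remark, listing which accounts are covered by a doas rule that is permit + nopass with no cmd restriction and can run as root. The parser handles only the plain rule forms seen in this message (no quoting or args matching); the shortened setenv list, the group membership and the account name alice are constructed.

```python
import re

# Constructed sample: the rule quoted in the thread (setenv list shortened)
# and the privsep_user rule the reply asks about.
SAMPLE_CONF = r"""
permit nopass setenv { \
    FTPMODE PKG_CACHE PKG_PATH SSH_AUTH_SOCK \
    PORTSDIR WRKOBJDIR SUDO_PORT_V1 } :wsrc
permit nopass keepenv privsep_user as root cmd pkg_add
"""
# Constructed stand-in for /etc/group; "alice" is a made-up normal account.
SAMPLE_GROUPS = {"wsrc": ["alice", "privsep_user"]}
OPTIONS = {"nopass", "nolog", "persist", "keepenv"}

def parse_rules(text):
    """Yield one dict per doas.conf rule, joining backslash continuations."""
    text = re.sub(r"\\\n", " ", text)
    for line in text.splitlines():
        line = re.sub(r"#.*", "", line).replace("{", " { ").replace("}", " } ")
        tok = line.split()
        if not tok:
            continue
        rule = {"action": tok.pop(0), "options": set(), "target": None, "cmd": None}
        while tok and (tok[0] in OPTIONS or tok[0] == "setenv"):
            opt = tok.pop(0)
            rule["options"].add(opt)
            if opt == "setenv":              # skip the { VAR ... } list
                while tok and tok.pop(0) != "}":
                    pass
        rule["identity"] = tok.pop(0) if tok else None
        if tok[:1] == ["as"] and len(tok) > 1:
            rule["target"], tok = tok[1], tok[2:]
        if tok[:1] == ["cmd"] and len(tok) > 1:
            rule["cmd"] = tok[1]
        yield rule

def audit(text, groups):
    """Return (identity, accounts) for passwordless rules with no cmd limit.
    Without 'as', doas allows any target user; without 'cmd', any command."""
    findings = []
    for r in parse_rules(text):
        ident = r["identity"]
        if r["action"] != "permit" or "nopass" not in r["options"] or not ident:
            continue
        if r["cmd"] is not None or r["target"] not in (None, "root"):
            continue
        who = groups.get(ident[1:], []) if ident.startswith(":") else [ident]
        findings.append((ident, who))
    return findings
```

A rule that carries a cmd restriction is not listed by this check; that only means it is outside what the check looks for.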
