Am 10.01.2011 13:37, schrieb Reindl Harald:
Am 10.01.2011 11:33, schrieb Buzai Andras:
Hi,
I use Ubuntu 10.04 and the package repository does not contain the
latest Postfix release.
Also I prefer installing packages from source. This way I think I can
always learn something new.
nobody said anything against
"software packaging procedure of your distro/OS" is NOT apt-get
it was menat to build an rpm/deb-package instead a dump install
with "make install" your system will get dirty after some updates
because old files are not removed, a package does this clean
>
To your querstion about superuser:
NERVER EVER build sources as superuser necause
if there are bugs in the build-process you can
damage you system which is impossible with
restricted permissions.
As it may take some time to build up software packaging facility, I
suggest you make a clean install on a vmware (or whatever you use)
server and use this virutal host as a software building facility. There,
you can revert to snapshot if something goes wrong during the scripted
packaging procedure.
I do use root permissions to build, but I do it on a build host. More
than that I do preliminary checks of the Makefile's capabilities - if
there is a Makefile - before I am building. These tests perhaps do not
apply on you because I don't use Ubuntu or Debian.
Before I deploy a package, I usually test it. Are the permissions right?
Does it install the files into the right directories? Does it create the
needed links, devices, ...? When I configure the software and start it,
does it start up? And then, finally, when I am sure, I deploy it to a
productive server and always have a way back to the old version if the
new still does not work.
rpmbuild as example should EVER called with explicit user and
if there is a bug in the bzild-process which wants to touch files
outside the build-folder it fails an dnothing happens - do this
as root overwrites files on your build-system, mybe fails later
and you have an undefined state of your system
To summarize:
* If avoidable, don't use root for software building
* put your software packaging facility away from your productive servers
* before deploying to production, test your new built package
This may sound like overkill. But it's worth the trouble.
On Mon, Jan 10, 2011 at 10:43 AM, John Adams<mailingli...@belfin.ch> wrote:
Am 10.01.2011 10:06, schrieb Buzai Andras:
Hi,
I want to install Postfix 2.7.2 by compiling it from sources.
In the INSTALL file I saw the following statement:
"In the instructions below, a command written as "#
command" should be executed as the superuser.
A command written as "% command" should be executed as an
unprivileged user."
My question is:
The user used to configure/compile the sources is used in anyway in
Postfix later?
No.
Is there any security risk if I configure/compile all the sources
as the superuser? (I am referring only to the build/installation
process)
For installing, take a look at the software packaging procedure of your
distro/OS. This is much cleaner than just run 'make install'.
Thank you,
Buzai
