FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Pacman Development

 
 
LinkBack Thread Tools
 
Old 06-18-2008, 03:29 PM
Sebastian Nowicki
 
Default Remove --asroot switch from makepkg.

On 18/06/2008, at 11:00 PM, Loui wrote:

> Well, my opinion is that makepkg shouldn't hinder an admin user any
> more than say `rm -r /*` or other similar wonderfully destructive
> commands. Besides, --asroot is yet another flag, adds more code and
> complexity, and can hinder root users from even doing small non-build
> tasks. I use makepkg as another user most of the time, but I'll use it
> as root every once in awhile and I found --asroot to be a bit
> annoying.
>
> Warnings are nice, but when you start to block functionality it really
> becomes a babysitting feature.

+1

I never actually run makepkg as root (ie. logged in as root), but I do
use sudo, and "sudo makepkg --asroot" is just stupid.

_______________________________________________
pacman-dev mailing list
pacman-dev@archlinux.org
http://archlinux.org/mailman/listinfo/pacman-dev
 
Old 06-18-2008, 03:40 PM
"Dan McGee"
 
Default Remove --asroot switch from makepkg.

On Wed, Jun 18, 2008 at 10:29 AM, Sebastian Nowicki <sebnow@gmail.com> wrote:
>
> On 18/06/2008, at 11:00 PM, Loui wrote:
>
>> Well, my opinion is that makepkg shouldn't hinder an admin user any
>> more than say `rm -r /*` or other similar wonderfully destructive
>> commands. Besides, --asroot is yet another flag, adds more code and
>> complexity, and can hinder root users from even doing small non-build
>> tasks. I use makepkg as another user most of the time, but I'll use it
>> as root every once in awhile and I found --asroot to be a bit
>> annoying.
>>
>> Warnings are nice, but when you start to block functionality it really
>> becomes a babysitting feature.
>
> +1
>
> I never actually run makepkg as root (ie. logged in as root), but I do
> use sudo, and "sudo makepkg --asroot" is just stupid.

You do realize this is the *exact* same thing as running as root,
which is what this option was meant to notify you about and scare you
away from?

-Dan

_______________________________________________
pacman-dev mailing list
pacman-dev@archlinux.org
http://archlinux.org/mailman/listinfo/pacman-dev
 
Old 06-18-2008, 04:02 PM
Miklos Vajna
 
Default Remove --asroot switch from makepkg.

On Wed, Jun 18, 2008 at 10:40:30AM -0500, Dan McGee <dpmcgee@gmail.com> wrote:
> You do realize this is the *exact* same thing as running as root,
> which is what this option was meant to notify you about and scare you
> away from?

actually running makepkg as root would be something reasonable in case
makepkg would support building in chroot (like pacman-g2's makepkg
does).

in that case the flow would be: su/sudo -> chroot -> drop privileges ->
fakeroot

but as long as this is not the case, running makepkg as root or _any
other valuable user_ makes no sense.

i think this is a point many makepkg user miss: for example if the
buildscript has 'rm -rf ~' in build(), then it's possible that the
problem will be bigger if you run it as your own user!

to sum up: we encourage users to run makepkg as root, because this way
it can drop privileges as a separate user where makepkg can't do
anything problematic.

maybe this is something worth porting from pacman-g2, it's your
decision.
_______________________________________________
pacman-dev mailing list
pacman-dev@archlinux.org
http://archlinux.org/mailman/listinfo/pacman-dev
 
Old 06-18-2008, 05:29 PM
Loui
 
Default Remove --asroot switch from makepkg.

On Wed, Jun 18, 2008 at 06:02:37PM +0200, Miklos Vajna wrote:
> but as long as this is not the case, running makepkg as root or _any
> other valuable user_ makes no sense.
>
> i think this is a point many makepkg user miss: for example if the
> buildscript has 'rm -rf ~' in build(), then it's possible that the
> problem will be bigger if you run it as your own user!

Yeah I agree there. Losing my user data would be just as catastrophic as
losing the entire system, yet makepkg does nothing to protect against
that. I still run builds as a regular user occaisionally though.

> to sum up: we encourage users to run makepkg as root, because this way
> it can drop privileges as a separate user where makepkg can't do
> anything problematic.

This is how aurbuild works, and I think someone patched srcpac to run
builds as nobody. I don't think it's something that should be part of
makepkg though. I'd try to keep makepkg itself as simple and straight
forward as possble.


_______________________________________________
pacman-dev mailing list
pacman-dev@archlinux.org
http://archlinux.org/mailman/listinfo/pacman-dev
 
Old 06-18-2008, 10:48 PM
Miklos Vajna
 
Default Remove --asroot switch from makepkg.

On Wed, Jun 18, 2008 at 01:29:23PM -0400, Loui <louipc.ist@gmail.com> wrote:
> > to sum up: we encourage users to run makepkg as root, because this way
> > it can drop privileges as a separate user where makepkg can't do
> > anything problematic.
>
> This is how aurbuild works, and I think someone patched srcpac to run
> builds as nobody. I don't think it's something that should be part of
> makepkg though. I'd try to keep makepkg itself as simple and straight
> forward as possble.

ah, great. though i would suggest allocating a separate user for this
purpose, like our fst or gentoo's portage user.

i guess Arch uses nobody for webservers as well, so nobody has write
access to forum attachements and such.

ps: now if you call me paranoid, you are right. i *am* paranoid.
_______________________________________________
pacman-dev mailing list
pacman-dev@archlinux.org
http://archlinux.org/mailman/listinfo/pacman-dev
 
Old 06-18-2008, 11:39 PM
Sebastian Nowicki
 
Default Remove --asroot switch from makepkg.

On 18/06/2008, at 11:40 PM, Dan McGee wrote:

> On Wed, Jun 18, 2008 at 10:29 AM, Sebastian Nowicki
> <sebnow@gmail.com> wrote:
>>
>> On 18/06/2008, at 11:00 PM, Loui wrote:
>>
>>> Well, my opinion is that makepkg shouldn't hinder an admin user any
>>> more than say `rm -r /*` or other similar wonderfully destructive
>>> commands. Besides, --asroot is yet another flag, adds more code and
>>> complexity, and can hinder root users from even doing small non-
>>> build
>>> tasks. I use makepkg as another user most of the time, but I'll
>>> use it
>>> as root every once in awhile and I found --asroot to be a bit
>>> annoying.
>>>
>>> Warnings are nice, but when you start to block functionality it
>>> really
>>> becomes a babysitting feature.
>>
>> +1
>>
>> I never actually run makepkg as root (ie. logged in as root), but I
>> do
>> use sudo, and "sudo makepkg --asroot" is just stupid.
>
> You do realize this is the *exact* same thing as running as root,
> which is what this option was meant to notify you about and scare you
> away from?
>
> -Dan

Yes, what I meant was that "sudo ... --asroot" is redundant. You are
explicitly saying that you want to be root by using sudo, and on top
of that you have to explicitly tell makepkg that you want to be root.

_______________________________________________
pacman-dev mailing list
pacman-dev@archlinux.org
http://archlinux.org/mailman/listinfo/pacman-dev
 

Thread Tools




All times are GMT. The time now is 02:17 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org