[gentoo-dev] Too root or not to root?

[gentoo-dev] Too root or not to root?

[Rob Cakebread]

Hi,

I've written an editor/IDE for creating ebuilds (http://abeni.sf.net).
It requires the user to run it as root. In previous versions it ran as
a regular user and executed commands such as emerge and ebuild with sudo.

This worked ok but I had to do a lot of silly things because regular users
don't have read permissions below $WORKDIR. My app will open the configure
and Makefile automatically when you click the 'unpack' icon, for instance,
but I had to do some really kludgey things to check if the configure/Makefile
existed in ${S}. Then to read it I had to copy it to the /tmp dir with sudo
then read it in as regular user.

Is there a good reason that $WORKDIR isn't world readable? Should I just not
worry about it and continue requiring everyone run as root?

I notice other portage GUIs I've seen all require the user to run as root,
such as kportage, portagemaster etc, so maybe I shouldn't be concerned.


P.S.
Does anyone know of a Bash script beautifier? Mainly I need to convert spaces
to tabs in ebuilds and I'd rather use an external program if one exists.

Thanks,
Rob








--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Too root or not to root?

[Mike Frysinger]

[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 401 bytes --]

On Thursday 21 August 2003 19:39, Rob Cakebread wrote:
> Is there a good reason that $WORKDIR isn't world readable? Should I just
> not worry about it and continue requiring everyone run as root?

have you tried userpriv at all ?  that just requires the user to be in the 
group portage ... and yes, imo, the $WORKDIR should be o-rwx

portage is going the way of not requiring root ...
-mike

[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 827 bytes --]

Re: [gentoo-dev] Too root or not to root?

[Georgi Georgiev]

On 21/08/2003 at 16:39:15(-0700), Rob Cakebread used 1.1K just to say:
> P.S.
> Does anyone know of a Bash script beautifier? Mainly I need to convert spaces
> to tabs in ebuilds and I'd rather use an external program if one exists.

What about

sed -i -e 's/    /\t/g' filename

or

perl -i -pe 's/    /\t/g' filename

-- 
()   Georgi Georgiev   () When I was crossing the border into Canada,  ()
()    chutz@gg3.net    () they asked if I had any firearms with me. I  ()
()  +81(90)6266-1163   () said, "Well, what do you need?" -- Steven    ()
() ------------------- () Wright                                       ()

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Too root or not to root?

[Mamoru KOMACHI]

At Thu, 21 Aug 2003 16:39:15 -0700,
Rob Cakebread wrote:

> P.S.
> Does anyone know of a Bash script beautifier? Mainly I need to convert spaces
> to tabs in ebuilds and I'd rather use an external program if one exists.

unexpand? (sys-apps/coreutils)


regards,

-- 
Mamoru KOMACHI <usata@gentoo.org>
http://dev.gentoo.org/~usata/

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Too root or not to root?

[Rob Cakebread]

On Thursday 21 August 2003 04:54 pm, Mike Frysinger wrote:
> On Thursday 21 August 2003 19:39, Rob Cakebread wrote:
> > Is there a good reason that $WORKDIR isn't world readable? Should I just
> > not worry about it and continue requiring everyone run as root?
>
> have you tried userpriv at all ?  that just requires the user to be in the
> group portage ... and yes, imo, the $WORKDIR should be o-rwx
>
> portage is going the way of not requiring root ...
> -mike

No I didn't set 'userpriv' because make.conf says that it also removes sandbox access violations for users. But now I see the 'usersandbox' which re-enables sandboxing while running with userpriv. Ah ha.

Thanks, I think that should do it.

Does anyone think its a waste to add all the sudo stuff and run as regular user? Or just run the app as root?




--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Too root or not to root?

[Mike Frysinger]

[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 353 bytes --]

On Thursday 21 August 2003 20:14, Rob Cakebread wrote:
> Does anyone think its a waste to add all the sudo stuff and run as regular
> user? Or just run the app as root?

i think ideally it would work like this:
sudo root to fetch (or maybe just portage ?)
sudo root to pkg_setup
run as portage to digest/unpack/compile/install
sudo root to qmerge
-mike

[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 827 bytes --]

Re: [gentoo-dev] Too root or not to root?

[Alec Berryman]

[-- Attachment #1: Type: text/plain, Size: 984 bytes --]

On Thu, 2003-08-21 at 19:22, Mike Frysinger wrote:
> On Thursday 21 August 2003 20:14, Rob Cakebread wrote:
> > Does anyone think its a waste to add all the sudo stuff and run as regular
> > user? Or just run the app as root?
> 
> i think ideally it would work like this:
> sudo root to fetch (or maybe just portage ?)
> sudo root to pkg_setup
> run as portage to digest/unpack/compile/install
> sudo root to qmerge
> -mike

Debian has a package called fakeroot
(http://packages.debian.org/fakeroot):

--
This package is intended to enable something like:

  dpkg-buildpackage -rfakeroot
i.e. to remove the need to become root for a package build. This is done
by setting LD_PRELOAD to libfakeroot.so, which provides wrappers around
getuid, chown, chmod, mknod, stat, ..., thereby creating a fake root
environment. 

If you don't understand any of this, you do not need fakeroot!
--

I haven't used it myself, but perhaps this would be a starting point?


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] Too root or not to root?

[Sven Vermeulen]

[-- Attachment #1: Type: text/plain, Size: 454 bytes --]

On Thu, Aug 21, 2003 at 08:16:08PM -0500, Alec Berryman wrote:
>   dpkg-buildpackage -rfakeroot
> i.e. to remove the need to become root for a package build. This is done
> by setting LD_PRELOAD to libfakeroot.so, which provides wrappers around
> getuid, chown, chmod, mknod, stat, ..., thereby creating a fake root
> environment. 

Isn't the sandbox something similar?

Wkr,
	Sven Vermeulen


-- 
    Save some animals, eat a vegetarian.

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] Too root or not to root?

[Paul de Vrieze]

[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 987 bytes --]

On Friday 22 August 2003 02:22, Mike Frysinger wrote:
> On Thursday 21 August 2003 20:14, Rob Cakebread wrote:
> > Does anyone think its a waste to add all the sudo stuff and run as
> > regular user? Or just run the app as root?
>
> i think ideally it would work like this:
> sudo root to fetch (or maybe just portage ?)
> sudo root to pkg_setup
> run as portage to digest/unpack/compile/install
> sudo root to qmerge
> -mike

You only need to be root to install. All the other things should be doable as 
a normal user. Possibly it would mean some maintenance on the /var/tmp dir 
though.

For install, please take a look at libcap. It allows one to have only the 
capabilities you need. That way chmod would be allowed by the proper user to 
make the install fase work correctly. You would probably want to have the ide 
ask for these rights in this case.

Paul

-- 
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net

[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]