From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: sudo in kernel config ?
Date: Sun, 12 Sep 2010 01:17:22 +0200
Cc: Dale

Apparently, though unproven, at 23:47 on Saturday 11 September 2010, Dale did opine thusly:

> >> My point was, if the sources are say in the user group, then any user
> >> can edit them? Right now, they are in the root group and owned by root
> >> which for security reasons is a good idea. That way a regular user can't
> >> edit or modify the kernel sources.
> >
> > The group can only write if the files have the group write permission
> > set. Still in Unix 101 domain, hehe :)
>
> I know that. Why would a person want anyone BUT root to be able to
> access and change the kernel sources? Let's see if asking it this way
> makes more sense. lol

Gentoo does things different. If you read Documentation/* in the kernel sources, you will not find there what Gentoo has.

/usr/src/linux was intended by the kernel devs[1] to be where the system headers are stored - what glibc uses to build. Like everything else in /usr/ this is obviously writeable for root only (usually). The intent is that you download kernel sources to ~, build there and sudo make install.

Gentoo needs a kernel tree (not just headers) for all manner of stuff to build against. These days many distros also do it this way to accommodate the needs of getting nvidia-drivers and vm products to build their drivers etc. This must obviously also be writeable only for root.

So, the ancient "advice" about not building as root is bullshit. It might have been good advice once but like all advice its time is past.

To answer your question:

"You wouldn't. Anything else is just daft."

[1] this itself might be ancient cruft and hopelessly out of date

-- 
alan dot mckinnon at gmail dot com
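
Added example, not part of the original message: one way to check the point made in the thread, that a kernel tree such as /usr/src/linux is writable by its owner only. The function names and the sample tree are constructed for illustration; the owner defaults to root as the mail assumes.

```shell
#!/bin/sh
# Added example (not from the thread): audit a source tree for anything
# that someone other than the expected owner could modify.

# audit_tree DIR [OWNER]
# Prints every entry under DIR that is not owned by OWNER, or that has
# the group-write (020) or other-write (002) permission bit set.
# OWNER defaults to root. -H follows DIR itself if it is a symlink
# (on Gentoo /usr/src/linux usually is); symlinks inside the tree are
# skipped because their own mode bits are not used for access checks.
audit_tree() {
    dir=$1
    owner=${2:-root}
    find -H "$dir" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
}

# tree_is_owner_only DIR [OWNER]
# Exit status 0 when the audit finds nothing, 1 otherwise.
tree_is_owner_only() {
    [ -z "$(audit_tree "$@")" ]
}

# Constructed sample tree: one clean file, one group-writable file and
# one world-writable file. Prints the path of the new directory.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/drivers" && chmod 755 "$d/drivers"
    : > "$d/Makefile"         && chmod 644 "$d/Makefile"
    : > "$d/drivers/groupw.c" && chmod 664 "$d/drivers/groupw.c"
    : > "$d/drivers/worldw.c" && chmod 646 "$d/drivers/worldw.c"
    printf '%s\n' "$d"
}

# Typical use on a real system (as any user; reading modes needs no root):
#   audit_tree /usr/src/linux          # expected owner: root
#   tree_is_owner_only /usr/src/linux && echo "root-only"
```

Group membership alone grants nothing here: an entry shows up only when the write bit for group or other is actually set, or when the owner is not the expected one.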