* [gentoo-user] portage directory ownerships?
@ 2015-09-15 20:09 james
2015-09-15 20:23 ` wabenbau
2015-09-15 20:25 ` Alan McKinnon
0 siblings, 2 replies; 13+ messages in thread
From: james @ 2015-09-15 20:09 UTC (permalink / raw
To: gentoo-user
Hello,
So looking at /etc/portage/repos.conf, it seems root.root owns these
files; shouldn't it be portage.portage? and /usr/portage
That got me thinking. Everywhere that portage operates or owns
things, should the ownership not be portage.portage
and what would the typical permissions be?
Is there a master list I can look at? Surely root not own all
these dirs, like /usr/portage/* ? My /usr/portage is root.root
and 755 on permissions, is that right?
If so, why?
In my /usr/local/portage and its subdirs where I hack on many
ebuilds, portage.portage owns everything.....?
Curious, and I cannot remember ever looking at this....
James
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-user] portage directory ownerships?
2015-09-15 20:09 [gentoo-user] portage directory ownerships? james
@ 2015-09-15 20:23 ` wabenbau
2015-09-15 20:25 ` Alan McKinnon
1 sibling, 0 replies; 13+ messages in thread
From: wabenbau @ 2015-09-15 20:23 UTC (permalink / raw
To: gentoo-user
james <wireless@tampabay.rr.com> wrote:
> Hello,
>
> So looking at /etc/portage/repos.conf, it seems root.root owns these
> files; shouldn't it be portage.portage? and /usr/portage
On my system /etc/portage/repos.conf is also owned by root:root
> That got me thinking. Everywhere that portage operates or owns
> things, should the ownership not be portage.portage
> and what would the typical permissions be?
>
> Is there a master list I can look at? Surely root not own all
> these dirs, like /usr/portage/* ? My /usr/portage is root.root
> and 755 on permissions, is that right?
On my system /usr/portage/* is owned by portage:portage and permissions
for directories are drwxrwsr-x and for files -rw-rw-r--
In make.conf I have usersandbox and userpriv in my FEATURES list.
Dunno, but maybe this has something to do with ownership/permissions.
--
Regards
wabe
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-user] portage directory ownerships?
2015-09-15 20:09 [gentoo-user] portage directory ownerships? james
2015-09-15 20:23 ` wabenbau
@ 2015-09-15 20:25 ` Alan McKinnon
2015-09-15 22:36 ` Fernando Rodriguez
2015-09-16 7:57 ` Neil Bothwick
1 sibling, 2 replies; 13+ messages in thread
From: Alan McKinnon @ 2015-09-15 20:25 UTC (permalink / raw
To: gentoo-user
On 15/09/2015 22:09, james wrote:
> Hello,
>
> So looking at /etc/portage/repos.conf, it seems root.root owns these
> files; shouldn't it be portage.portage? and /usr/portage
>
> That got me thinking. Everywhere that portage operates or owns
> things, should the ownership not be portage.portage
> and what would the typical permissions be?
Here, all of /etc/portage is root:root
The tree and all overlays are portage:portage
You can make a local overlay owned by user you want, stuff you hack away
at yourself should probably be james:james or james:users
Typically, permissions in /etc/portage are the usual 755 for dirs and
644 for files
I set overlays and the tree to be 2775 for dirs and 664 for files
>
> Is there a master list I can look at? Surely root not own all
> these dirs, like /usr/portage/* ? My /usr/portage is root.root
> and 755 on permissions, is that right?
Permissions should be what YOU need them to be on your computer. There's
a default, it's what portage makes them when you install stuff
>
> If so, why?
Only root should change the master config files in /etc, just like in
all other apps
IIRC emerge can drop privs to a user account, if that user is portage
then portage must own the files
>
> In my /usr/local/portage and its subdirs where I hack on many
> ebuilds, portage.portage owns everything.....?
Make your life easy, chown that stuff to james
> Curious, and I cannot remember ever looking at this....
>
>
> James
>
>
>
>
--
Alan McKinnon
alan.mckinnon@gmail.com
^ permalink raw reply [flat|nested] 13+ messages in thread
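The ownership and mode policy given in the reply above (tree and overlays 2775 for directories and 664 for files) can be checked mechanically. The script below is an added example, not part of the thread or of Portage: it reads "location =" lines from repos.conf-style files and lists every path whose owner or mode deviates from the policy. The function names, the [local] repository and the sample tree in a temporary directory are constructed for illustration, and a stat that supports -c is assumed.

```shell
#!/bin/sh
# Added example, not from the thread: audit Portage repositories against an
# ownership/mode policy. Needs find and a stat that supports -c.

# repo_locations FILE...
# Print the value of every "location = PATH" line in repos.conf-style files.
repo_locations() {
    sed -n 's/^[[:space:]]*location[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$@"
}

# check_kind DIR TYPE OWNER GROUP MODE   (TYPE is d or f)
# Print one finding per path whose owner:group or octal mode differs.
# Paths containing newlines are not supported.
check_kind() {
    find "$1" -type "$2" -exec stat -c '%a %U %G %n' {} + |
    while read -r mode user grp p; do
        if [ "$user:$grp" != "$3:$4" ]; then
            printf 'OWNER %s:%s want %s:%s %s\n' "$user" "$grp" "$3" "$4" "$p"
        fi
        if [ "$mode" != "$5" ]; then
            printf 'MODE %s want %s %s\n' "$mode" "$5" "$p"
        fi
    done
}

# audit_tree DIR OWNER GROUP DIRMODE FILEMODE
audit_tree() {
    check_kind "$1" d "$2" "$3" "$4"
    check_kind "$1" f "$2" "$3" "$5"
}

# audit_repos OWNER GROUP CONF...
# Audit every repository listed in the CONF files with 2775 (dirs) / 664 (files).
audit_repos() {
    want_owner=$1 want_group=$2
    shift 2
    repo_locations "$@" | while read -r loc; do
        if [ -d "$loc" ]; then
            audit_tree "$loc" "$want_owner" "$want_group" 2775 664
        else
            printf 'MISSING %s\n' "$loc"
        fi
    done
}

# make_demo: build a constructed sample repository and a repos.conf pointing
# at it; print the temporary directory that holds both.
make_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/repo/app-misc/foo" "$tmp/repo/app-misc/bar"
    : > "$tmp/repo/app-misc/foo/foo-1.0.ebuild"
    : > "$tmp/repo/app-misc/foo/Manifest"
    chmod 2775 "$tmp/repo" "$tmp/repo/app-misc" "$tmp/repo/app-misc/foo"
    chmod 775 "$tmp/repo/app-misc/bar"            # deviation: setgid bit missing
    chmod g-s "$tmp/repo/app-misc/bar"
    chmod 664 "$tmp/repo/app-misc/foo/foo-1.0.ebuild"
    chmod 666 "$tmp/repo/app-misc/foo/Manifest"   # deviation: world-writable
    printf '[local]\nlocation = %s/repo\nmasters = gentoo\nauto-sync = no\n' \
        "$tmp" > "$tmp/repos.conf"
    printf '%s\n' "$tmp"
}

# Demo on the constructed tree. The expected owner and group are taken from
# the temporary directory itself so the demo runs without root.
demo_dir=$(make_demo)
audit_repos "$(stat -c %U "$demo_dir")" "$(stat -c %G "$demo_dir")" "$demo_dir/repos.conf"
rm -rf "$demo_dir"
```

On a real system the equivalent call would be audit_repos portage portage /etc/portage/repos.conf/*.conf, run as a user who can read the repositories.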
* Re: [gentoo-user] portage directory ownerships?
2015-09-15 20:25 ` Alan McKinnon
@ 2015-09-15 22:36 ` Fernando Rodriguez
2015-09-16 2:19 ` [gentoo-user] " james
2015-09-16 6:01 ` [gentoo-user] " Alan McKinnon
2015-09-16 7:57 ` Neil Bothwick
1 sibling, 2 replies; 13+ messages in thread
From: Fernando Rodriguez @ 2015-09-15 22:36 UTC (permalink / raw
To: gentoo-user
On Tuesday, September 15, 2015 10:25:15 PM Alan McKinnon wrote:
> On 15/09/2015 22:09, james wrote:
> > Hello,
> >
> > So looking at /etc/portage/repos.conf, it seems root.root owns these
> > files; shouldn't it be portage.portage? and /usr/portage
> >
> > That got me thinking. Everywhere that portage operates or owns
> > things, should the ownership not be portage.portage
> > and what would the typical permissions be?
>
> Here, all of /etc/portage is root:root
> The tree and all overlays are portage:portage
>
> You can make a local overlay owned by user you want, stuff you hack away
> at yourself should probably be james:james or james:users
>
> Typically, permissions in /etc/portage are the usual 755 for dirs and
> 644 for files
>
> I set overlays and the tree to be 2775 for dirs and 664 for files
>
> >
> > Is there a master list I can look at? Surely root not own all
> > these dirs, like /usr/portage/* ? My /usr/portage is root.root
> > and 755 on permissions, is that right?
>
> Permissions should be what YOU need them to be on your computer. There's
> a default, it's what portage makes them when you install stuff
>
> >
> > If so, why?
>
> Only root should change the master config files in /etc, just like in
> all other apps
> IIRC emerge can drop privs to a user account, if that user is portage
> then portage must own the files
It is true that portage drops privileges to the portage account (unless the
ebuild has RESTRICT="userpriv" or I think FEATURES="-userpriv" on make.conf)
but it doesn't need to write to the portage tree except to the distfiles
directory so I don't know of any reason to have everything owned by
portage:portage if the perms are 755/644.
Mine is owned by root:root because it got borked one time after a sync so I
deleted it and copied from another box manually. The only problem I ever had
is that a fetch failed, and I just chowned the distfiles dir to portage:portage
to fix it. Only recently it was pointed to me on this list that it was supposed
to be portage:portage. I never changed it back to portage:portage but I made a
mental note not to forget about it in case of trouble, that way I'll learn why
that's the default if/when something breaks :) Besides it offers some (limited)
protection against an ebuild accidentally writing to your portage tree.
> >
> > In my /usr/local/portage and its subdirs where I hack on many
> > ebuilds, portage.portage owns everything.....?
>
> Make your life easy, chown that stuff to james
I personally prefer root:root because I think it is more secure. If you let
somebody use your account even for a minute s/he could modify an ebuild
without a password to install whatever s/he wants next time you run an update.
> > Curious, and I cannot remember ever looking at this....
> >
> >
> > James
> >
> >
> >
> >
>
>
>
--
Fernando Rodriguez
^ permalink raw reply [flat|nested] 13+ messages in thread
* [gentoo-user] Re: portage directory ownerships?
2015-09-15 22:36 ` Fernando Rodriguez
@ 2015-09-16 2:19 ` james
2015-09-16 6:09 ` Alan McKinnon
2015-09-16 6:01 ` [gentoo-user] " Alan McKinnon
1 sibling, 1 reply; 13+ messages in thread
From: james @ 2015-09-16 2:19 UTC (permalink / raw
To: gentoo-user
Fernando Rodriguez <frodriguez.developer <at> outlook.com> writes:
> > Here, all of /etc/portage is root:root
This is what I have except for distfiles::
drwxrwxr-x 5 root portage 232K Sep 14 23:00 distfiles
root.portage ??? I guess portage does that. Fernando's explanation
seems plausible, I guess I'd have to look at the code (not today)
but this just seems strange to me that sys-apps/portage would do this...
> > The tree and all overlays are portage:portage
Mine are root.root but no harm, right? I guess I could change them
recursively to portage:portage but why, if portage is just going
to do what it wants anyway.
> > You can make a local overlay owned by user you want, stuff you hack away
> > at yourself should probably be james:james or james:users
Yea, I gonna think about /usr/local/portage. I see the convenience of
your suggestion, but I have always had most everything portage:portage.
I cannot remember why though.....
> >
> > Typically, permissions in /etc/portage are the usual 755 for dirs and
> > 644 for files
> >
> > I set overlays and the tree to be 2775 for dirs and 664 for files
Yea, I have just let portage do what it wants and never really thought
about it before. This seems reasonable.
> > Permissions should be what YOU need them to be on your computer. There's
> > a default, it's what portage makes them when you install stuff
yep, it makes sense that sys-apps/portage is the master of these files,
I just never thought about it much before.
> > Only root should change the master config files in /etc, just like in
> > all other apps IIRC emerge can drop privs to a user account, if that
> > user is portage then portage must own the files
Ah. makes sense.
>
> It is true that portage drops privileges to the portage account (unless the
> ebuild has RESTRICT="userpriv" or I think FEATURES="-userpriv" on make.conf)
Nope these are not set on my make.conf (600 on permissions).
> but it doesn't need to write to the portage tree except to the distfiles
> directory so I don't know of any reason to have everything owned by
> portage:portage if the perms are 755/644.
Ah, this is why my distfiles is root:portage.....?
>
> Mine is owned by root:root because it got borked one time after a sync so I
> deleted it and copied from another box manually. The only problem I ever had
> is that a fetch failed, and I just chowned the distfiles dir to portage:portage
> to fix it. Only recently it was pointed to me on this list that it was supposed
> to be portage:portage. I never changed it back to portage:portage but I made a
> mental note not to forget about it in case of trouble, that way I'll learn why
> that's the default if/when something breaks :) Besides it offers some (limited)
> protection against an ebuild accidentally writing to your portage tree.
Interesting. I guess I could look at the code but everything is working
fine.
> > > In my /usr/local/portage and its subdirs where I hack on many
> > > ebuilds, portage.portage owns everything.....?
> >
> > Make your life easy, chown that stuff to james
>
> I personally prefer root:root because I think it is more secure. If you let
> somebody use your account even for a minute s/he could modify an ebuild
> without a password to install whatever s/he wants next time you run an update.
I like Alan's simplicity. I also like root:root, like my /usr/portage,
but most of it is portage:portage, and that I did do. I just can't
remember why.
usr/local/portage/ is the one I need to think about.
Thanks for the feedback guys,
James
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-user] portage directory ownerships?
2015-09-15 22:36 ` Fernando Rodriguez
2015-09-16 2:19 ` [gentoo-user] " james
@ 2015-09-16 6:01 ` Alan McKinnon
2015-09-16 7:51 ` Fernando Rodriguez
1 sibling, 1 reply; 13+ messages in thread
From: Alan McKinnon @ 2015-09-16 6:01 UTC (permalink / raw
To: gentoo-user
On 16/09/2015 00:36, Fernando Rodriguez wrote:
> On Tuesday, September 15, 2015 10:25:15 PM Alan McKinnon wrote:
>> On 15/09/2015 22:09, james wrote:
>>> Hello,
>>>
>>> So looking at /etc/portage/repos.conf, it seems root.root owns these
>>> files; shouldn't it be portage.portage? and /usr/portage
>>>
>>> That got me thinking. Everywhere that portage operates or owns
>>> things, should the ownership not be portage.portage
>>> and what would the typical permissions be?
>>
>> Here, all of /etc/portage is root:root
>> The tree and all overlays are portage:portage
>>
>> You can make a local overlay owned by user you want, stuff you hack away
>> at yourself should probably be james:james or james:users
>>
>> Typically, permissions in /etc/portage are the usual 755 for dirs and
>> 644 for files
>>
>> I set overlays and the tree to be 2775 for dirs and 664 for files
>>
>>>
>>> Is there a master list I can look at? Surely root not own all
>>> these dirs, like /usr/portage/* ? My /usr/portage is root.root
>>> and 755 on permissions, is that right?
>>
>> Permissions should be what YOU need them to be on your computer. There's
>> a default, it's what portage makes them when you install stuff
>>
>>>
>>> If so, why?
>>
>> Only root should change the master config files in /etc, just like in
>> all other apps
>> IIRC emerge can drop privs to a user account, if that user is portage
>> then portage must own the files
>
> It is true that portage drops privileges to the portage account (unless the
> ebuild has RESTRICT="userpriv" or I think FEATURES="-userpriv" on make.conf)
> but it doesn't need to write to the portage tree except to the distfiles
> directory so I don't know of any reason to have everything owned by
> portage:portage if the perms are 755/644.
portage also syncs the tree. For that it needs write perms.
>
> Mine is owned by root:root because it got borked one time after a sync so I
> deleted it and copied from another box manually. The only problem I ever had
> is that a fetch failed, and I just chowned the distfiles dir to portage:portage
> to fix it. Only recently it was pointed to me on this list that it was supposed
> to be portage:portage. I never changed it back to portage:portage but I made a
> mental note not to forget about it in case of trouble, that way I'll learn why
> that's the default if/when something breaks :) Besides it offers some (limited)
> protection against an ebuild accidentally writing to your portage tree.
>
>>>
>>> In my /usr/local/portage and its subdirs where I hack on many
>>> ebuilds, portage.portage owns everything.....?
>>
>> Make your life easy, chown that stuff to james
>
> I personally prefer root:root because I think it is more secure. If you let
> somebody use your account even for a minute s/he could modify an ebuild
> without a password to install whatever s/he wants next time you run an update.
I'll argue that it's less secure. Giving someone else a gap to modify
your ebuilds when you accidentally leave the computer unlocked is a rare
event whereas you modifying your own ebuilds like james does is a common
event.
If an overlay is root:root then he has to be root every time he works on
it. If he then commits that rare blunder of leaving the computer
unlocked, Murphy says he'll do it with a root shell open.
While it is entirely possible to have a rogue colleague install a dodgy
ebuild, that attacker would have to know exactly what to install where
and would have to have the ebuild on hand to slip it in during the very
few minutes available. To my eye that's a very small window of
opportunity and needs a perfect storm to pull it off = vanishingly small
risk
--
Alan McKinnon
alan.mckinnon@gmail.com
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-user] Re: portage directory ownerships?
2015-09-16 2:19 ` [gentoo-user] " james
@ 2015-09-16 6:09 ` Alan McKinnon
0 siblings, 0 replies; 13+ messages in thread
From: Alan McKinnon @ 2015-09-16 6:09 UTC (permalink / raw
To: gentoo-user
On 16/09/2015 04:19, james wrote:
> Fernando Rodriguez <frodriguez.developer <at> outlook.com> writes:
>
>
>>> Here, all of /etc/portage is root:root
>
> This is what I have except for distfiles::
> drwxrwxr-x 5 root portage 232K Sep 14 23:00 distfiles
>
> root.portage ??? I guess portage does that. Fernando's explanation
> seems plausible, I guess I'd have to look at the code (not today)
> but this just seems strange to me that sys-apps/portage would do this...
It's a valid technique. Root owns stuff and members of the portage group
can write distfiles. You can get the same effect with root:root and
making yourself a member of the root group, but that's over-reaching and
unwise
>
>>> The tree and all overlays are portage:portage
>
> Mine are root.root but no harm, right? I guess I could change them
> recursively to portage:portage but why, if portage is just going
> to do what it wants anyway.
No harm as long as all writes are done by root. You might not want that.
Forcing all writes to be done by root can open more security risks than
it closes, doubly so when the writes are something you intend to do often.
>
>
>
>>> You can make a local overlay owned by user you want, stuff you hack away
>>> at yourself should probably be james:james or james:users
>
> Yea, I gonna think about /usr/local/portage. I see the convenience of
> your suggestion, but I have always had most everything portage:portage.
> I cannot remember why though.....
How long you been using gentoo? 5-10 years? That was the default install
settings for most of portage's lifetime.
>
>>>
>>> Typically, permissions in /etc/portage are the usual 755 for dirs and
>>> 644 for files
>>>
>>> I set overlays and the tree to be 2775 for dirs and 664 for files
>
> Yea, I have just let portage do what it wants and never really thought
> about it before. This seems reasonable.
>
>
>>> Permissions should be what YOU need them to be on your computer. There's
>>> a default, it's what portage makes them when you install stuff
>
> yep, it makes sense that sys-apps/portage is the master of these files,
> I just never thought about it much before.
>
>
>>> Only root should change the master config files in /etc, just like in
>>> all other apps IIRC emerge can drop privs to a user account, if that
>>> user is portage then portage must own the files
>
> Ah. makes sense.
>
>>
>> It is true that portage drops privileges to the portage account (unless the
>> ebuild has RESTRICT="userpriv" or I think FEATURES="-userpriv" on make.conf)
>
> Nope these are not set on my make.conf (600 on permissions).
>
>> but it doesn't need to write to the portage tree except to the distfiles
>> directory so I don't know of any reason to have everything owned by
>> portage:portage if the perms are 755/644.
>
> Ah, this is why my distfiles is root:portage.....?
>
>>
>> Mine is owned by root:root because it got borked one time after a sync so I
>> deleted it and copied from another box manually. The only problem I ever had
>> is that a fetch failed, and I just chowned the distfiles dir to portage:portage
>> to fix it. Only recently it was pointed to me on this list that it was supposed
>> to be portage:portage. I never changed it back to portage:portage but I made a
>> mental note not to forget about it in case of trouble, that way I'll learn why
>> that's the default if/when something breaks :) Besides it offers some (limited)
>> protection against an ebuild accidentally writing to your portage tree.
>
> Interesting. I guess I could look at the code but everything is working
> fine.
>
>
>>>> In my /usr/local/portage and its subdirs where I hack on many
>>>> ebuilds, portage.portage owns everything.....?
>>>
>>> Make your life easy, chown that stuff to james
>>
>> I personally prefer root:root because I think it is more secure. If you let
>> somebody use your account even for a minute s/he could modify an ebuild
>> without a password to install whatever s/he wants next time you run an update.
>
> I like Alan's simplicity. I also like root:root, like my /usr/portage,
> but most of it is portage:portage, and that I did do. I just can't
> remember why.
>
> usr/local/portage/ is the one I need to think about.
Here's what I suggest:
You're doing a lot of hacking on ebuilds. Make a local overlay in ~ and
have it owned by james:james, mode 644, just like all other code you'd
keep in ~.
Add that local repo to repos.conf/, leave the main portage dirs and
external overlays as they are and hack away on clustering stuff to your
heart's content
>
> Thanks for the feedback guys,
> James
>
>
>
>
>
--
Alan McKinnon
alan.mckinnon@gmail.com
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-user] portage directory ownerships?
2015-09-16 6:01 ` [gentoo-user] " Alan McKinnon
@ 2015-09-16 7:51 ` Fernando Rodriguez
0 siblings, 0 replies; 13+ messages in thread
From: Fernando Rodriguez @ 2015-09-16 7:51 UTC (permalink / raw
To: gentoo-user
On Wednesday, September 16, 2015 8:01:56 AM Alan McKinnon wrote:
> On 16/09/2015 00:36, Fernando Rodriguez wrote:
> > On Tuesday, September 15, 2015 10:25:15 PM Alan McKinnon wrote:
> >> On 15/09/2015 22:09, james wrote:
> >>> Hello,
> >>>
> >>> So looking at /etc/portage/repos.conf, it seems root.root owns these
> >>> files; shouldn't it be portage.portage? and /usr/portage
> >>>
> >>> That got me thinking. Everywhere that portage operates or owns
> >>> things, should the ownership not be portage.portage
> >>> and what would the typical permissions be?
> >>
> >> Here, all of /etc/portage is root:root
> >> The tree and all overlays are portage:portage
> >>
> >> You can make a local overlay owned by user you want, stuff you hack away
> >> at yourself should probably be james:james or james:users
> >>
> >> Typically, permissions in /etc/portage are the usual 755 for dirs and
> >> 644 for files
> >>
> >> I set overlays and the tree to be 2775 for dirs and 664 for files
> >>
> >>>
> >>> Is there a master list I can look at? Surely root not own all
> >>> these dirs, like /usr/portage/* ? My /usr/portage is root.root
> >>> and 755 on permissions, is that right?
> >>
> >> Permissions should be what YOU need them to be on your computer. There's
> >> a default, it's what portage makes them when you install stuff
> >>
> >>>
> >>> If so, why?
> >>
> >> Only root should change the master config files in /etc, just like in
> >> all other apps
> >> IIRC emerge can drop privs to a user account, if that user is portage
> >> then portage must own the files
> >
> > It is true that portage drops privileges to the portage account (unless the
> > ebuild has RESTRICT="userpriv" or I think FEATURES="-userpriv" on make.conf)
> > but it doesn't need to write to the portage tree except to the distfiles
> > directory so I don't know of any reason to have everything owned by
> > portage:portage if the perms are 755/644.
>
> portage also syncs the tree. For that it needs write perms.
>
> >
> > Mine is owned by root:root because it got borked one time after a sync so I
> > deleted it and copied from another box manually. The only problem I ever had
> > is that a fetch failed, and I just chowned the distfiles dir to portage:portage
> > to fix it. Only recently it was pointed to me on this list that it was supposed
> > to be portage:portage. I never changed it back to portage:portage but I made a
> > mental note not to forget about it in case of trouble, that way I'll learn why
> > that's the default if/when something breaks :) Besides it offers some (limited)
> > protection against an ebuild accidentally writing to your portage tree.
> >
> >>>
> >>> In my /usr/local/portage and its subdirs where I hack on many
> >>> ebuilds, portage.portage owns everything.....?
> >>
> >> Make your life easy, chown that stuff to james
> >
> > I personally prefer root:root because I think it is more secure. If you let
> > somebody use your account even for a minute s/he could modify an ebuild
> > without a password to install whatever s/he wants next time you run an update.
>
> I'll argue that it's less secure. Giving someone else a gap to modify
> your ebuilds when you accidentally leave the computer unlocked is a rare
> event whereas you modifying your own ebuilds like james does is a common
> event.
>
> If an overlay is root:root then he has to be root every time he works on
> it. If he then commits that rare blunder of leaving the computer
> unlocked, Murphy says he'll do it with a root shell open.
I also have the habit of never opening root shells unless absolutely necessary
(which is next to never) and when I do I'm very conscious about it so that
won't be a problem for me. I do a lot of ebuild hacking and that does mean I
type my password a lot but you get used to it.
> While it is entirely possible to have a rogue colleague install a dodgy
> ebuild, that attacker would have to know exactly what to install where
> and would have to have the ebuild on hand to slip it in during the very
> few minutes available. To my eye that's a very small window of
> opportunity and needs a perfect storm to pull it off = vanishingly small
> risk
If that was my mission I'd just pick something that I know you run at startup
like udev (I may pick something more trivial if possible to minimize the
chance of you noticing). I'd bump the version and have the ebuild install my
evil program along with it and add a few-line patch to fork() and execve() my
program or just make my program a patch to the main prog. Then I'll put it on
a webserver along with a script that does the work for me. Now I just need to
run a single command to download and execute the script.
So granted, it takes planning, and maybe some social engineering or other
methods to get details about your system but once I get the chance it'll take
only a few seconds and next time you update I'd have root access.
--
Fernando Rodriguez
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-user] portage directory ownerships?
2015-09-15 20:25 ` Alan McKinnon
2015-09-15 22:36 ` Fernando Rodriguez
@ 2015-09-16 7:57 ` Neil Bothwick
2015-09-16 13:46 ` [gentoo-user] " james
1 sibling, 1 reply; 13+ messages in thread
From: Neil Bothwick @ 2015-09-16 7:57 UTC (permalink / raw
To: gentoo-user
On Tue, 15 Sep 2015 22:25:15 +0200, Alan McKinnon wrote:
> > That got me thinking. Everywhere that portage operates or owns
> > things, should the ownership not be portage.portage
> > and what would the typical permissions be?
>
> Here, all of /etc/portage is root:root
> The tree and all overlays are portage:portage
Just to add some confusion to the mix
root@fenchurch: drwxr-xr-x 1 root root 3378 Aug 25 08:43 /var/portage
root@hactar: drwxr-xr-x 1 root root 3378 Aug 25 07:55 /var/portage
root@vroomfondel: drwxr-xr-x 168 root root 4096 Aug 25 08:03 /var/portage
root@slartibartfast: drwxr-xr-x 1 portage portage 3378 Aug 25 08:05 /var/portage
root@lunkwill: drwxr-xr-x 168 portage portage 4096 Aug 25 07:35 /var/portage
root@quordlepleen: drwxr-xr-x 1 root root 3378 Aug 25 08:04 /var/portage
So some are portage:portage, some are root:root - all use /var/portage
for $PORTDIR so that's not an issue. One of the portage:portage ones is
the one that syncs with the mirrors and acts as an rsync host for the
others, this may or may not be significant.
Downloading a portage snapshot shows it all to be owned by
portage:portage, so I guess that's as close as we are going to get to a
definitive answer.
--
Neil Bothwick
If at first you don't succeed, you'll get a lot of free advice from
folks who didn't succeed either.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [gentoo-user] Re: portage directory ownerships?
2015-09-16 7:57 ` Neil Bothwick
@ 2015-09-16 13:46 ` james
2015-09-16 14:19 ` Alan McKinnon
0 siblings, 1 reply; 13+ messages in thread
From: james @ 2015-09-16 13:46 UTC (permalink / raw
To: gentoo-user
Neil Bothwick <neil <at> digimed.co.uk> writes:
> > Here, all of /etc/portage is root:root
> > The tree and all overlays are portage:portage
> Just to add some confusion to the mix
<snip>
Good example and it got me thinking....
> So some are portage:portage, some are root:root - all use /var/portage
> for $PORTDIR so that's not an issue. One of the portage:portage ones is
> the one that syncs with the mirrors and acts as an rsync host for the
> others, this may or may not be significant.
I might switch to /var/portage on a new install. What are the pedantic
reasons for it? On an SSD for speed ? tmpdir? I'm curious, so tell me more.
1. So 'the tree' (/usr/portage/) is portage:portage OK.
2. and /etc/portages is root:root except for distfiles (root:portage) OK.
3. and /var/lib/layman and subdirs are root:root ???
Note, these are the overlays I use but do not hack on.
4. and /usr/local/portage is james:james
this is where I hack on codes that are mostly other overlays that
need enhancements or raw codes I am processing into ebuilds.
5. /usr/local/experimental is james:james
where I am working on codes that can compile
install or be removed without the baggage of portage/ebuilds. It
will be for embedded and cluster/cloud/vm movements of binaries
to attach directly to the 4.x kernel, dynamically.
I'm working on a new build semantic with DAGs, Tup, ninja and CheckInstall
So I can ignore (5) in make.conf. But I'm now getting ebuilds installed
in /usr/local/portage, I think because of this line in my make.conf::
PORTDIR_OVERLAY="source /etc/portage/repos.conf/layman.conf"
PORTDIR_OVERLAY="/usr/local/portage"
For goals of 1-5 what are improvements (any and all suggestions) on
make.conf I should make? I need to ensure that overlays that I do
not modify stay separate for the ebuild I modify. In fact some packages
are in both 3 and 4. I use git to seed category 4 so what caveats
do I use to ensure that git only seeds category 4 packages (ebuilds) once
and does not contaminate my 'old school; vim' hackery.
I think this is the only change I need::
PORTDIR_OVERLAY="/usr/local/portage" ==>
PORTDIR_OVERLAY="/var/lib/layman"
Or does layman and git (syncs) know where to place things. I do use
'git clone' to seed category 4 packages-->ebuilds and will
eventually use more of git's features to push out updates.
I just gotta get this straight, consistent and keep things separate
in my mind, because being an old fart, reading lots of codes, sometimes
I forget the origins of hacks. (yea yea document the code you old hack)
All suggestions welcome.
TIA,
James
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-user] Re: portage directory ownerships?
2015-09-16 13:46 ` [gentoo-user] " james
@ 2015-09-16 14:19 ` Alan McKinnon
2015-09-16 14:51 ` Neil Bothwick
0 siblings, 1 reply; 13+ messages in thread
From: Alan McKinnon @ 2015-09-16 14:19 UTC (permalink / raw
To: gentoo-user
On 16/09/2015 15:46, james wrote:
> Neil Bothwick <neil <at> digimed.co.uk> writes:
>
>
>
>>> Here, all of /etc/portage is root:root
>>> The tree and all overlays are portage:portage
>
>> Just to add some confusion to the mix
>
> <snip>
>
> Good example and it got me thinking....
>
>> So some are portage:portage, some are root:root - all use /var/portage
>> for $PORTDIR so that's not an issue. One of the portage:portage ones is
>> the one that syncs with the mirrors and acts as an rsync host for the
>> others, this may or may not be significant.
>
> I might switch to /var/portage on a new install. What are the pedantic
> reasons for it? On an SSD for speed ? tmpdir? I'm curious, so tell me more.
Nothing to do with tmpdir stuff.
/usr has always been something that must be mountable read-only and still
work should the user want it that way.
/var is where data goes that can change. The tree is a database, it can
change, and does every time you sync.
The tree was in /usr/portage for years for NO OTHER REASON than that's
where FreeBSD put it (portage is based off/inspired by FreeBSD ports).
That works on FreeBSD nicely but strictly according to Linux conventions
and FHS should have been in /var all along.
You can put the tree any place you like, just modify PORTDIR to suit
plus a few other bits (eg profile symlink in /etc/portage). The switch
to /var is only a change to the hard-coded default
>
>
> 1. So 'the tree' (/usr/portage/) is portage:portage OK.
>
> 2. and /etc/portages is root:root except for distfiles (root:portage) OK.
>
> 3. and /var/lib/layman and subdirs are root:root ???
> Note, these are the overlays I use but do not hack on.
That's fine. If you only --sync as root it all works out.
>
>
> 4. and /usr/local/portage is james:james
> this is where I hack on codes that are mostly other overlays that
> need enhancements or raw codes I am processing into ebuilds.
>
> 5. /usr/local/experimental is james:james
> where I am working on codes that can compile
> install or be removed without the baggage of portage/ebuilds. It
> will be for embedded and cluster/cloud/vm movements of binaries
> to attach directly to the 4.x kernel, dynamically.
> I'm working on a new build semantic with DAGs, Tup, ninja and CheckInstall
>
>
> So I can ignore (5) in make.conf. But I'm now getting ebuilds installed
> in /usr/local/portage, I think because of this line in my make.conf::
>
> PORTDIR_OVERLAY="source /etc/portage/repos.conf/layman.conf"
> PORTDIR_OVERLAY="/usr/local/portage"
No man, rip that shit out. Delete both lines and replace with entries in
/etc/portage/repos.conf/
There was a news item on 2 Feb that gives full details.
Then emerge layman with use="sync-plugin-portage"
And btw, your second line overrides and replaces the first.
> For goals of 1-5 what are improvements (any and all suggestions) on
> make.conf I should make? I need to ensure that overlays that I do
> not modify stay separate for the ebuild I modify. In fact some packages
> are in both 3 and 4. I use git to seed category 4 so what caveats
> do I use to ensure that git only seeds category 4 packages (ebuilds) once
> and does not contaminate my 'old school; vim' hackery.
Edit only inside the overlay you want to change. If you have another
overlay that is essentially read-only (or you don't change), and you do
edit it, well then you just changed it and the computer will follow your
lead :-)
so vi then git add/commit/push the stuff you edit.
Or maybe I don't grok what you mean here
>
>
> I think this is the only change I need::
> PORTDIR_OVERLAY="/usr/local/portage" ==>
> PORTDIR_OVERLAY="/var/lib/layman"
No. DoItRite as above. That PORTDIR_OVERLAY crap never did work right -
all overlays were essentially considered equal and it would be pot luck
where your next ebuild comes from....
> Or does layman and git (syncs) know where to place things. I do use
> 'git clone' to seed category 4 packages-->ebuilds and will
> eventually use more of git's features to push out updates.
layman doesn't know anything other than what's in its config. There's
no magic. If you tell it a repo is mastered at place X, and you make
changes to X, layman will sync those changes.
Don't use 'git clone' for this. A clone is your first checkout. Rather
push the stuff you edit and pull updates from there with layman.
>
> I just gotta get this straight, consistent and keep things separate
> in my mind, because being an old fart, reading lots of codes, sometimes
> I forget the origins of hacks. (yea yea document the code you old hack)
--
Alan McKinnon
alan.mckinnon@gmail.com
* Re: [gentoo-user] Re: portage directory ownerships?
2015-09-16 14:19 ` Alan McKinnon
@ 2015-09-16 14:51 ` Neil Bothwick
2015-09-17 5:38 ` Mick
0 siblings, 1 reply; 13+ messages in thread
From: Neil Bothwick @ 2015-09-16 14:51 UTC (permalink / raw
To: gentoo-user
On Wed, 16 Sep 2015 16:19:40 +0200, Alan McKinnon wrote:
> > PORTDIR_OVERLAY="/usr/local/portage" ==>
> > PORTDIR_OVERLAY="/var/lib/layman"
>
> No. DoItRite as above. That PORTDIR_OVERLAY crap never did work right -
> all overlays were essentially considered equal and it would be pot luck
> where your next ebuild comes from....
It was according to the order of the overlays in PORTDIR_OVERLAY, for
ebuilds with equal versions.
--
Neil Bothwick
I get enough exercise just pushing my luck.
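
Added example, not written by any poster in this thread: the two PORTDIR_OVERLAY lines quoted above rewritten as a repos.conf entry, with an explicit priority so that the choice between equal-version ebuilds is stated rather than implied by list order. The file name local.conf, the section name localrepo, the master name gentoo and the priority value are assumptions.

```ini
# BEFORE, in /etc/portage/make.conf (as quoted in the thread).
# The second assignment replaces the first, so only
# /usr/local/portage was ever in effect:
#
#   PORTDIR_OVERLAY="source /etc/portage/repos.conf/layman.conf"
#   PORTDIR_OVERLAY="/usr/local/portage"
#
# AFTER: delete both lines from make.conf and describe the local
# overlay in its own file under /etc/portage/repos.conf/.
# Assumed file name: /etc/portage/repos.conf/local.conf
# (owned root:root, like the rest of /etc/portage in this thread).

[localrepo]
# Section name is an assumption; it is the name Portage uses
# for this repository.
location = /usr/local/portage

# Assumes the main tree is configured under the name "gentoo".
masters = gentoo

# When the same ebuild version exists in several repositories,
# the repository with the highest priority is used.
# 50 is an assumed value for illustration.
priority = 50

# Hand-edited overlay: leave it out of "emerge --sync".
auto-sync = no
```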
* Re: [gentoo-user] Re: portage directory ownerships?
2015-09-16 14:51 ` Neil Bothwick
@ 2015-09-17 5:38 ` Mick
0 siblings, 0 replies; 13+ messages in thread
From: Mick @ 2015-09-17 5:38 UTC (permalink / raw
To: gentoo-user
On Wednesday 16 Sep 2015 15:51:55 Neil Bothwick wrote:
> On Wed, 16 Sep 2015 16:19:40 +0200, Alan McKinnon wrote:
> > > PORTDIR_OVERLAY="/usr/local/portage" ==>
> > > PORTDIR_OVERLAY="/var/lib/layman"
> >
> > No. DoItRite as above. That PORTDIR_OVERLAY crap never did work right -
> > all overlays were essentially considered equal and it would be pot luck
> > where your next ebuild comes from....
>
> It was according to the order of the overlays in PORTDIR_OVERLAY, for
> ebuilds with equal versions.
This may help:
https://wiki.gentoo.org/wiki/Project:Portage/Sync
I have not yet changed my layman config to use
/etc/portage/repos.conf/layman.conf but will be looking into installing
laymanator and doing the necessary when I get a minute.
--
Regards,
Mick