From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id DFD4A138CE3 for ; Mon, 10 Feb 2014 23:11:03 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 12B2EE0D34; Mon, 10 Feb 2014 23:10:58 +0000 (UTC) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 01082E0CB0 for ; Mon, 10 Feb 2014 23:10:56 +0000 (UTC) Received: from compute2.internal (compute2.nyi.mail.srv.osa [10.202.2.42]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 150D421165 for ; Mon, 10 Feb 2014 18:10:55 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute2.internal (MEProxy); Mon, 10 Feb 2014 18:10:56 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=fastmail.co.uk; h= message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; s=mesmtp; bh=Zxw7W814KC12X/vLU7teN3vQeWg=; b=Ue6ks6tCc7yX5qLo3Ml244cbukuZ eccLDIrkuOuysKcIAeglhMZ/JCzwNLTiz/5CWsauzK3HkTx3oeWMFxddAFZAJ9uR OVhAxTF9q5EzVmD2We6x31STIaZXfRIVaJnntvLmoNBRZ+RFaM8MU6EtgQcZeseV GtUbDywpSynEBm0= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:date:from:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; s=smtpout; bh=Zxw7W814KC12X/vLU7teN3 vQeWg=; b=PbtzFoM8RUVWhSI7MCRicTeiVxJBM9VTwFRxPXjk7e8vHtDBVgYHB8 EEp38kcP7sze0lZrYLlBJtykNCrJZ7k7Fgp1CpS6OfsBDIM697OYxJV2tA+U9NNT ybRZqeazMrpDam7WaaWGvXALObGxkYief8t+mWsXWNYNDr89zWlTc= X-Sasl-enc: vCO03extEut8B4BNvYDpn4YMn3FcJB2c4zjlbgi6b+q2 1392073854 Received: from [192.168.1.100] (unknown [77.101.146.254]) by mail.messagingengine.com (Postfix) with ESMTPA id AB81CC007B3 for ; Mon, 10 Feb 2014 18:10:54 -0500 (EST) Message-ID: <52F95C7A.6010903@fastmail.co.uk> Date: Mon, 10 Feb 2014 23:10:50 +0000 From: Kerin Millar User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] User eix-sync permissions problem References: <197AEEF5-2BA3-43BF-944E-A5C4230D4CFB@stellar.eclipse.co.uk> <20140210190344.GB17128@waltdnes.org> <52F92894.2050809@gmail.com> In-Reply-To: <52F92894.2050809@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: cc5a30d3-87e6-4551-b988-934d58115b6a X-Archives-Hash: 3c8f2c9b844fef17455538b1e2aefd93 On 10/02/2014 19:29, Alan McKinnon wrote: > On 10/02/2014 21:03, Walter Dnes wrote: >> >On Mon, Feb 10, 2014 at 05:09:55PM +0000, Stroller wrote >>> >> >>> >>On Mon, 10 February 2014, at 4:55 pm, Gleb Klochkov wrote: >>> >> >>>> >>>Hi. Try to use sudo with no password for eix-sync. >>> >> >>> >>I'd really rather not. Thanks, though. >> > >> > Being in group "portage" is not enough. That merely lets you do >> >emerges with "--pretend". "emerge --sync" modifies files in >> >/usr/portage. Files and directories in /usr/portage/ are user:group >> >root:root. Therefore you*NEED* root-level permission to modify them. > Not quite, it's not a cut and dried as that. If root chowns the files to > a regular user, and that user then syncs, ownership remains with the > user (as a regular user can't chown stuff and the owner must remain the > user regardless of what the master tree reckons the owning uid is). > > If the tree is then synced by root, well then all the problems come back It won't cause any problems. The effect of usersync is defined as thus: "Drop privileges to the owner of PORTDIR for emerge(1)." Hence, emerge --sync run as root will execute rsync as the portage user, assuming that PORTDIR is owned by that very same user. It can only be problematic if all of these conditions hold true: * usersync is enabled (as it is by default) * PORTDIR is owned by a non-root user * The ownership is not consistent across PORTDIR and its children As mentioned in a few other posts, recent snapshots are portage:portage throughout so it's a done deal for new installations. Those who still have it owned by root can benefit from usersync simply by running: # chown -R portage:portage "$(portageq envvar PORTDIR)" There is no subsequent requirement not to invoke emerge --sync as root. --Kerin