Subject: Re: [gentoo-user] portage directory ownerships?
To: gentoo-user@lists.gentoo.org
From: Alan McKinnon
Date: Wed, 16 Sep 2015 08:01:56 +0200

On 16/09/2015 00:36, Fernando Rodriguez wrote:
> On Tuesday, September 15, 2015 10:25:15 PM Alan McKinnon wrote:
>> On 15/09/2015 22:09, james wrote:
>>> Hello,
>>>
>>> So looking at /etc/portage/repos.conf, it seems root.root owns these
>>> files; shouldn't it be portage.portage? and /usr/portage
>>>
>>> That got me thinking. Everywhere that portage operates or owns
>>> things, should the ownership not be portage.portage
>>> and what would the typical permissions be?
>>
>> Here, all of /etc/portage is root:root
>> The tree and all overlays are portage:portage
>>
>> You can make a local overlay owned by user you want, stuff you hack away
>> at yourself should probably be james:james or james:users
>>
>> Typically, permissions in /etc/portage are the usual 755 for dirs and
>> 644 for files
>>
>> I set overlays and the tree to be 2775 for dirs and 664 for files
>>
>>>
>>> Is there a master list I can look at? Surely root not own all
>>> these dirs, like /usr/portage/* ? My /usr/portage is root.root
>>> and 755 on permissions, is that right?
>>
>> Permissions should be what YOU need them to be on your computer. There's
>> a default, it's what portage makes them when you install stuff
>>
>>>
>>> If so, why?
>>
>> Only root should change the master config files in /etc, just like in
>> all other apps
>> IIRC emerge can drop privs to a user account, if that user is portage
>> then portage must own the files
>
> It is true that portage drops privileges to the portage account (unless the
> ebuild has RESTRICT="userpriv" or I think FEATURES="-userpriv" on make.conf)
> but it doesn't need to write to the portage tree except to the distfiles
> directory so I don't know of any reason to have everything owned by
> portage:portage if the perms are 755/644.

portage also syncs the tree. For that it needs write perms.

>
> Mine is owned by root:root because it got borked one time after a sync so I
> deleted it and copied from another box manually. The only problem I ever had
> is that a fetch failed, and I just chowned the distfiles dir to portage:portage
> to fix it. Only recently it was pointed out to me on this list that it was
> supposed to be portage:portage. I never changed it back to portage:portage but
> I made a mental note not to forget about it in case of trouble, that way I'll
> learn why that's the default if/when something breaks :) Besides it offers some
> (limited) protection against an ebuild accidentally writing to your portage
> tree.
>
>>>
>>> In my /usr/local/portage and its subdirs where I hack on many
>>> ebuilds, portage.portage owns everything.....?
>>
>> Make your life easy, chown that stuff to james
>
> I personally prefer root:root because I think it is more secure. If you let
> somebody use your account even for a minute s/he could modify an ebuild
> without a password to install whatever s/he wants next time you run an update.

I'll argue that it's less secure. Giving someone else a gap to modify
your ebuilds when you accidentally leave the computer unlocked is a rare
event whereas you modifying your own ebuilds like james does is a common
event.

If an overlay is root:root then he has to be root every time he works on
it. If he then commits that rare blunder of leaving the computer
unlocked, Murphy says he'll do it with a root shell open.

While it is entirely possible to have a rogue colleague install a dodgy
ebuild, that attacker would have to know exactly what to install where
and would have to have the ebuild on hand to slip it in during the very
few minutes available. To my eye that's a very small window of
opportunity and needs a perfect storm to pull it off = vanishingly small
risk

-- 
Alan McKinnon
alan.mckinnon@gmail.com
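
Added example, not part of the original message: a shell audit for the layout quoted in the thread, where overlays and the tree are owned by one account with 2775 directories and 664 files. The names `audit_tree` and `make_sample` and the sample paths are hypothetical; the sample tree is constructed and owned by the invoking user so it runs without root.

```shell
#!/bin/sh
# Added example: audit a tree against an expected owner, group and exact modes.
# usage: audit_tree DIR OWNER GROUP DIRMODE FILEMODE
# Prints one "<problem> <path>" line per deviation; returns 1 if any were found.
# Paths containing newlines are not handled.
audit_tree() {
    dir=$1; owner=$2; group=$3; dmode=$4; fmode=$5
    findings=$(
        find "$dir" ! -user "$owner" -exec printf 'owner %s\n' {} +
        find "$dir" ! -group "$group" -exec printf 'group %s\n' {} +
        # -perm with a bare octal mode is an exact match, setgid bit included
        find "$dir" -type d ! -perm "$dmode" -exec printf 'dirmode %s\n' {} +
        find "$dir" -type f ! -perm "$fmode" -exec printf 'filemode %s\n' {} +
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample overlay (hypothetical paths), built as the invoking user.
# Two entries deviate from 2775/664 on purpose.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/overlay/app-misc/foo" "$root/overlay/profiles"
    : > "$root/overlay/app-misc/foo/foo-1.0.ebuild"
    : > "$root/overlay/profiles/repo_name"
    find "$root/overlay" -type d -exec chmod 2775 {} +
    find "$root/overlay" -type f -exec chmod 664 {} +
    chmod 666 "$root/overlay/app-misc/foo/foo-1.0.ebuild"   # world-writable ebuild
    chmod g-s "$root/overlay/profiles"                      # setgid bit cleared
    printf '%s\n' "$root"
}

sample=$(make_sample)
audit_tree "$sample/overlay" "$(id -u)" "$(id -g)" 2775 664 || echo "deviations found"
rm -rf "$sample"
```

On a real system the call would name the accounts from the thread, for example `audit_tree /usr/portage portage portage 2775 664` or `audit_tree /etc/portage root root 755 644`.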