From: Fernando Rodriguez
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] portage directory ownerships?
Date: Tue, 15 Sep 2015 18:36:37 -0400

On Tuesday, September 15, 2015 10:25:15 PM Alan McKinnon wrote:
> On 15/09/2015 22:09, james wrote:
> > Hello,
> >
> > So looking at /etc/portage/repos.conf, it seems root.root owns these
> > files; shouldn't it be portage.portage? and /usr/portage
> >
> > That got me thinking. Everywhere that portage operates or owns
> > things, should the ownership not be portage.portage
> > and what would the typical permissions be?
>
> Here, all of /etc/portage is root:root
> The tree and all overlays are portage:portage
>
> You can make a local overlay owned by user you want, stuff you hack away
> at yourself should probably be james:james or james:users
>
> Typically, permissions in /etc/portage are the usual 755 for dirs and
> 644 for files
>
> I set overlays and the tree to be 2775 for dirs and 664 for files
>
> >
> > Is there a master list I can look at? Surely root not own all
> > these dirs, like /usr/portage/* ? My /usr/portage is root.root
> > and 755 on permissions, is that right?
>
> Permissions should be what YOU need them to be on your computer. There's
> a default, it's what portage makes them when you install stuff
>
> >
> > If so, why?
>
> Only root should change the master config files in /etc, just like in
> all other apps
> IIRC emerge can drop privs to a user account, if that user is portage
> then portage must own the files

It is true that portage drops privileges to the portage account (unless the
ebuild has RESTRICT="userpriv" or I think FEATURES="-userpriv" in make.conf),
but it doesn't need to write to the portage tree except to the distfiles
directory, so I don't know of any reason to have everything owned by
portage:portage if the perms are 755/644.

Mine is owned by root:root because it got borked one time after a sync, so I
deleted it and copied it from another box manually. The only problem I ever
had is that a fetch failed, and I just chowned the distfiles dir to
portage:portage to fix it. Only recently it was pointed out to me on this
list that it was supposed to be portage:portage. I never changed it back to
portage:portage, but I made a mental note not to forget about it in case of
trouble; that way I'll learn why that's the default if/when something
breaks :) Besides, it offers some (limited) protection against an ebuild
accidentally writing to your portage tree.

> >
> > In my /usr/local/portage and its subdirs where I hack on many
> > ebuilds, portage.portage owns everything.....?
>
> Make your life easy, chown that stuff to james

I personally prefer root:root because I think it is more secure. If you let
somebody use your account even for a minute, s/he could modify an ebuild
without a password to install whatever s/he wants next time you run an update.

> > Curious, and I cannot remember ever looking at this....
> >
> > James

-- 
Fernando Rodriguez
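
Added example, not part of the original message: a small audit of the ownership question discussed in this thread, listing every entry under a portage directory that an account other than root could modify (wrong owner, group-writable such as the 664/2775 layout, or world-writable). The function name `audit_tree` and its parameters are assumptions made for this illustration; the default paths are the ones named in the thread.

```python
import os
import stat
import sys


def audit_tree(root, trusted_uids=(0,), trusted_gids=()):
    """Return (path, reason) pairs for entries a non-trusted account can modify.

    trusted_uids / trusted_gids are hypothetical parameters for this example:
    owners and groups you accept as writers (default: only root, no group).
    """
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat: judge the entry itself, never a link target
        if stat.S_ISLNK(st.st_mode):
            return  # symlink mode bits carry no meaning on Linux
        if st.st_uid not in trusted_uids:
            findings.append((path, f"owner uid {st.st_uid} is not trusted"))
        if st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
            findings.append((path, f"writable by gid {st.st_gid}"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))

    check(root)
    # A writable directory is as bad as a writable ebuild: files inside it
    # can be replaced, so directories are checked along with files.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return findings


if __name__ == "__main__":
    # Paths taken from the thread; pass your own on the command line.
    roots = sys.argv[1:] or ["/etc/portage", "/usr/portage", "/usr/local/portage"]
    for r in roots:
        if not os.path.isdir(r):
            continue
        for path, reason in audit_tree(r):
            print(f"{path}: {reason}")
```

Run against a portage:portage tree, it reports every entry; to accept that layout, pass the portage uid and gid as trusted and see what is left.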