from the quill of "Thomas M. Beaudry" <[EMAIL PROTECTED]> on scroll
<000701bf66da$7f83a1e0$4ba080d8@mosehern>
> You really should see a doctor about prescribing something to calm
> your
> tendencies towards hysteria...
What hysteria?
> Never said install and build are the same thing.
But you equated that being able to install requiring root means that
build should be done as root. To that I disagree. I did not see an
answer to my question as to why the iBCS nodes needed to be created at
build time rather than package time, so I am still of the opinion that
root should not be needed to build a kernel package if the spec file is
right. Please somebody correct me if I am wrong.
> But does not matter
> whether the build environment is restricted or not, as long as it's
> set up
> properly for the build.
But it does, because sooner or later you are going get a "make install"
for some package you are trying to build a spec file doing something
completely unpredicted and hose something. If you don't build as root
the chances that it's going to do something that is system damaging is
very little (to none).
> If the build is good,
But that is my point. While building packages the build might not be
good. Why give it the permissions it needs to do damage if you don't
have to.
Remember, on any UNIX system "be root only for as long as you really
need to" and you will prevent at least one nasty accident in your stint
as System Administrator.
> the install will be good.
The install can be inspected much easier than the build, so doing it as
root is easier to audit and prevent nasties.
> If
> you mess up the build in a "contained" environment, the install can
> still
> royally hose your system.
It can, but
$ rpm -ql
$ rpm -q --scripts
is a lot easier to audit than trying to figure out what a mess of
Makefiles is going to do when you do a:
# make install
> You seem to be a bit of a paradox.
Thanks!
> Very knowledgeable in lots of things but
> then you go and say some very weird stuff.
What's weird about what I said? There is 10 years of SysAdmin
experience behind "be root only when you really need to be root".
> Some people (such as myself) do
> all builds as root with no problems hosing the system.
It will come. :-)
> It's other people's
> builds that...
Bing! Yesserrie! In the case of a kernel build, I have to trust
Mandrake, Linus, the ALSA guys, the list goes on. Auditing the results
of all of those "make install"s would be horrendous. I would just
rather prevent them from damaging my system with permissions.
b.
--
Brian J. Murrell InterLinx Support Services, Inc.
North Vancouver, B.C. 604 983 UNIX
Platform and Brand Independent UNIX Support - R3.2 - R4 - BSD
