On Tuesday, September 15, 2015 10:25:15 PM Alan McKinnon wrote:
> On 15/09/2015 22:09, james wrote:
> > Hello,
> > 
> > So looking at /etc/portage/repos.conf, it seems root.root owns these
> > files; shouldn't it be portage.portage? and /usr/portage
> > 
> > That got me thinking. Everywhere that portage operates or owns
> > things, should the ownership not be portage.portage
> > and what would the typical permissions be?
> 
> Here, all of /etc/portage is root:root
> The tree and all overlays are portage:portage
> 
> You can make a local overlay owned by any user you want, stuff you hack away
> at yourself should probably be james:james or james:users
> 
> Typically, permissions in /etc/portage are the usual 755 for dirs and
> 644 for files
> 
> I set overlays and the tree to be 2775 for dirs and 664 for files
> 
> > 
> > Is there a master list I can look at? Surely root not own all
> > these dirs, like /usr/portage/* ? My /usr/portage is root.root
> > and 755 on permissions, is that right?
> 
> Permissions should be what YOU need them to be on your computer. There's
> a default, it's what portage makes them when you install stuff
> 
> > 
> > If so, why?
> 
> Only root should change the master config files in /etc, just like in
> all other apps
> IIRC emerge can drop privs to a user account, if that user is portage
> then portage must own the files

It is true that portage drops privileges to the portage account (unless the 
ebuild has RESTRICT="userpriv" or I think FEATURES="-userpriv" in make.conf) 
but it doesn't need to write to the portage tree except to the distfiles 
directory so I don't know of any reason to have everything owned by 
portage:portage if the perms are 755/644.

Mine is owned by root:root because it got borked one time after a sync so I 
deleted it and copied from another box manually. The only problem I ever had 
is that a fetch failed, and I just chowned the distfiles dir to portage:portage 
to fix it. Only recently it was pointed out to me on this list that it was supposed 
to be portage:portage. I never changed it back to portage:portage but I made a 
mental note not to forget about it in case of trouble, that way I'll learn why 
that's the default if/when something breaks :) Besides it offers some (limited) 
protection against an ebuild accidentally writing to your portage tree.

> > 
> > In my /usr/local/portage and its subdirs where I hack on many 
> > ebuilds, portage.portage owns everything.....?
> 
> Make your life easy, chown that stuff to james

I personally prefer root:root because I think it is more secure. If you let 
somebody use your account even for a minute s/he could modify an ebuild 
without a password to install whatever s/he wants next time you run an update.
 
> > Curious, and I cannot remember ever looking at this....
> > 
> > 
> > James
> > 
> > 
> > 
> > 
> 
> 
> 

-- 
Fernando Rodriguez
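
A check for the ownership trade-off discussed in this thread, as an added example that is not part of any poster's message: it lists every path in an ebuild tree that an account other than a trusted owner could modify. The function name `audit_repo`, its arguments and its output format are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). audit_repo is a hypothetical helper.
#
# Usage: audit_repo DIR [OWNER]
#   DIR    tree to inspect, e.g. /usr/portage or /usr/local/portage
#   OWNER  account allowed to own the files (name or numeric uid),
#          defaults to root
#
# Prints one "<reason> <path>" line per finding:
#   owner           path is not owned by OWNER
#   group-writable  members of the owning group can modify it
#   world-writable  any local account can modify it
# Returns 0 when the tree is clean, 1 when there are findings,
# 2 when DIR is not a directory.
audit_repo() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    findings=$(
        find "$dir" ! -user "$owner" -exec printf 'owner %s\n' {} \;
        # Mode bits on symlinks carry no meaning, so skip links here.
        find "$dir" ! -type l -perm -020 \
            -exec printf 'group-writable %s\n' {} \;
        find "$dir" ! -type l -perm -002 \
            -exec printf 'world-writable %s\n' {} \;
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

On a tree set up as 2775/664 every directory and file is reported as group-writable, which is the list of paths that members of the owning group can change before the next update runs.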
