On Jan 28, 2021, at 08:13, Murray Eisenberg wrote: > On 27 Jan 2021 16:05:57 -0600, Ryan Schmidt wrote: > >> You should not configure and make any software as root or with sudo. Use >> your own user account. Only use sudo to make install. > > Does the dictum against configuring or making any software with sudo apply to > installing and upgrading ports with MacPorts?
Yes it applies, and MacPorts does it for you. > i ask because I always need to use "sudo port install…." and "sudo port > upgrade …." , etc. Should I change ownership of MacPorts directories? And if > so, which ones? In a normal MacPorts installation, you use sudo when you want MacPorts to do things that write to disk, including port install, port upgrade, port selfupdate, port sync, etc. MacPorts won't work if you don't do this, because the directories it's writing into in /opt/local are intentionally owned by root. The MacPorts installer create a "macports" macOS user account, which has no special privileges, and MacPorts switches internally from root to the macports user when doing things that should not be done as root, for example during the configure and build phases of a port installation. This is even more secure than using your own user account to configure and build. If you use your own user account, a rogue build process could affect (corrupt, delete) any file your user account can (anything in your home directory). But with MacPorts using its "macports" user account, it can only affect things owned by that user account. You should not manually change the ownership of any MacPorts directories to circumvent this protection. It is possible when you build MacPorts from source to configure it in a way that does not require the use of sudo. This is not recommended because then it runs under entirely your user account and you forfeit the protections that would have been provided by using the "macports" user.
