On Mon, Jun 09, 2014 at 03:07:17PM -0700, Jonathan Thornburg wrote: > http://www.openbsd.org/anoncvs.html shows the 'cvs update' > command being run by root ("#" shell prompt)
One example (the latest one added) in the "Using CVS to ..." section uses $, as do all the examples in the "Example usages ..." section. Perhaps they should all be $? I'm not sure, but diff at the end if so. > I wouldn't expect any non-root user to have write permission to > /usr/src anyway. Just add a non-root user to the wsrc group and $ sudo chmod -R g+w /usr/{src,obj,ports,whatever} The relevant dirs should be group-writable by default anyway, but if you've checked out as root on top of it without a proper umask, then it would cause issues. > why is doing the cvs-update as root a bad idea? Why would you run it as root if you don't need to? It takes potentially-malicious input from the network and isn't super-tiny. Just general principle of least priveledge, it's not like you /can't/ run it as root (lest your source tree be corrupted or something). If this change were to be made, should there also be a note about wsrc, umask 002, and the rationale for not running as root? Tar examples are also #, perhaps those should be changed as well? Index: build/mirrors/anoncvs.html.head =================================================================== RCS file: /cvs/www/build/mirrors/anoncvs.html.head,v retrieving revision 1.35 diff -u -p -r1.35 anoncvs.html.head --- build/mirrors/anoncvs.html.head 9 May 2014 14:02:39 -0000 1.35 +++ build/mirrors/anoncvs.html.head 10 Jun 2014 00:45:26 -0000 @@ -221,14 +221,14 @@ If you don't have a CD handy, use the me <p> (If you are following <i>current</i>): <pre> - # <strong>cd /usr</strong> - # <strong>cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P src</strong> + $ <strong>cd /usr</strong> + $ <strong>cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P src</strong> </pre> <p> (If you are following the patch branch for 5.5): <pre> - # <strong>cd /usr</strong> - # <strong>cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_5 -P src</strong> + $ <strong>cd /usr</strong> + $ <strong>cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_5 -P src</strong> </pre> <!-- DO NOT EDIT ANONCVS.HTML MANUALLY - IT IS GENERATED FROM TEMPLATES! --> @@ -258,14 +258,14 @@ Confirm this, and the fingerprint will t <li> Anytime afterwards, to `update' this tree: <p> (If you are following <i>current</i>): <pre> - # <strong>cd /usr/src</strong> - # <strong>cvs -q up -Pd</strong> + $ <strong>cd /usr/src</strong> + $ <strong>cvs -q up -Pd</strong> </pre> <p> (If you are following the patch branch for 5.5): <pre> - # <strong>cd /usr/src</strong> - # <strong>cvs -q up -rOPENBSD_5_5 -Pd</strong> + $ <strong>cd /usr/src</strong> + $ <strong>cvs -q up -rOPENBSD_5_5 -Pd</strong> </pre> Every time you ran this it would synchronize your /usr/src tree. @@ -278,8 +278,8 @@ If you are updating a source tree that y from a different server, or from a CD, you <strong>must</strong> add the <em>-d [cvsroot]</em> option to cvs. <pre> - # <strong>cd /usr/src</strong> - # <strong>cvs -d anon...@anoncvs.ca.openbsd.org:/cvs -q up -Pd</strong> + $ <strong>cd /usr/src</strong> + $ <strong>cvs -d anon...@anoncvs.ca.openbsd.org:/cvs -q up -Pd</strong> </pre> </ul> @@ -289,24 +289,24 @@ it is similar to src: <ul><li> <p> (If you are following <i>current</i>): <pre> - # <strong>cd /usr</strong> - # <strong>cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P ports</strong> + $ <strong>cd /usr</strong> + $ <strong>cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P ports</strong> </pre> <p> (If you are following the patch branch for 5.5): <pre> - # <strong>cd /usr</strong> - # <strong>cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_5 -P ports</strong> + $ <strong>cd /usr</strong> + $ <strong>cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_5 -P ports</strong> </pre> <li> Anytime afterwards, to `update' this tree: <p> (If you are following <i>current</i>): <pre> - # <strong>cd /usr/ports</strong> - # <strong>cvs -q up -Pd</strong> + $ <strong>cd /usr/ports</strong> + $ <strong>cvs -q up -Pd</strong> </pre> <p> (If you are following the patch branch for 5.5): <pre> - # <strong>cd /usr/ports</strong> - # <strong>cvs -q up -rOPENBSD_5_5 -Pd</strong> + $ <strong>cd /usr/ports</strong> + $ <strong>cvs -q up -rOPENBSD_5_5 -Pd</strong> </pre> </ul> @@ -318,8 +318,8 @@ For those who like to see screenfulls of To make a diff of a locally patched module (here <i>cd.c</i>) to include with a bug report: <pre> - # <strong>cd /usr</strong> - # <strong>cvs diff -u src/sys/scsi/cd.c > /tmp/patch</strong> + $ <strong>cd /usr</strong> + $ <strong>cvs diff -u src/sys/scsi/cd.c > /tmp/patch</strong> </pre> <p>