> > On 2026/05/14 09:03, Janne Johansson wrote:
> > > If you start a ports build as root, it will drop privs to the _pfetch
> > > and _pbuild user for the respective steps, where the _pbuild user is
> > > disallowed to talk network if you use default pf rules.
> >
> > That's not correct.
> > Ports in general is *not* setup to be started as root.
>
> Sorry, my bad.
I was thinking of dpb, which of course can be used to build
not-just-all-ports but also single ports.
The manpage for that goes:
...
When dpb is run as root, it uses a privilege drop model instead of the
dangerous privilege elevation model of doas(1). When run as root, by
default, _pbuild is used as the build and log user, and _pfetch is used
as the fetch user.
--
May the most significant bit of your life be positive.
