oops, sorry for the duplicate.
On Wed, 22 Oct 2014 00:16:04 +0200 Ingo Schwarze <[email protected]> wrote:
> Hi,
>
> [email protected] wrote on Tue, Oct 21, 2014 at 06:12:08PM -0400:
>
> > i had a problem recently with compiling ports as a normal user, and it
> > was pointed out to me i needed to be in group wsrc.
>
> Not strictly true, that's just one way to do it, though admittedly
> a reasonable and common one.
>
> > the relevant part of ports(7) is:
> >
> > install, and so on all the way to fetch. In typical use, one will
> > only run install explicitly (as normal user, with SUDO defined
> > in /etc/mk.conf), or build (as user), then install (as root).
> >
> > i replied with a patch for the ports(7) page to include the fact of the user
> > needs to be in wsrc, but since it was at the tail end of that subject, it
> > likely got missed/ignored there.
>
> I did look at the patch. To me, it did not seem good enough to commit it
> and not bad enough to reject it, so i ended up not knowing what to say,
> so i said nothing.
fair enough, i just didn't know.
>
> > so to avoid future confusions for others (after all, i did RTFM!),
> > the patch changes the above to:
> >
> > install, and so on all the way to fetch. In typical use, one will run
> > install explicitly (as normal user, in group wsrc, with SUDO defined in
> > /etc/mk.conf), or build (as user), then install (as root).
>
> I hate that particular wording. The topic at hand is bsd.port.mk(5)
> targets. You are turning this into a typical HOWTO: Type this,
> type that, no need to understand what you are doing.
>
> Which user to run the targets as is already tangential to the topic,
> but it does maybe help a bit to illustrate the purpose of the targets.
> Now you start talking about how to configure sudoers(5) correctly,
> which is completely off-topic - in typical HOWTO style, that is,
> without even making it clear what you are talking about, not even
> mentioning the new topic you switched to, sudoers(5).
>
> I don't think this can be fixed by adding more information about
> sudo, that would cause us to digress even more. I have no idea
> how to fix it, maybe someone else has.
>
> As a matter of fact, i hate the whole manual page, ports(7).
> It's mostly a cheap imitation of the real thing, bsd.port.mk(5),
> incomplete and imprecise as it stands. A bit of this, a bit
> of that, not very much OpenBSD manual style in the first place.
> Given that i hate it and don't really know how to improve it,
> i'll shut up now.
>
> Sorry,
> Ingo
>
i'm assuming your use of 'you are' above was mostly general so i am not going
to address specific points that i don't think were directed at me (since i
didn't mention or add anything about sudo, though of course sudoers is
preconfigured to treat the wsrc group special).
i actually agree that paragraph isn't very clear and not well worded. i only
inserted 'in group wsrc' and it seemed to not be out of place, both in the
triviality of the information given the mention of /etc/mk.conf, and the
style of the paragraph.
the only issue i really have is that this information should be accessable
*somewhere*, otherwise you are going to get more dumb questions like my first
one. perhaps this should then be in the faq? given your critique it seems
that is the best place for this information.
the reason this came up is the recent change to force non-root builds.
in the faq there is mention that you CAN change ownerships to wsrc for
security reasons, but now that non-root builds are default and sudoers is
already configured to recognize group wsrc, perhaps that is the appropriate
place. in the faq:
*** obsd-faq.txt.orig Tue Oct 21 22:47:26 2014
--- obsd-faq.txt Tue Oct 21 23:02:26 2014
*************** application.
*** 14352,14363 ****
--- 14352,14366 ----
* You can set up sudo(8) and have the ports system use it for tasks
requiring superuser permissions. Just add a line to /etc/mk.conf
containing
SUDO=/usr/bin/sudo
+ and make sure the user running the build is in group wsrc, which is
+ preconfigured for this purpose.
+
* You can modify the ownerships of the ports tree so that you can write
there as a regular user. In this case, the regular user has been added to
the wsrc group, and the underlying directories are made group writable.
# chgrp -R wsrc /usr/ports
# find /usr/ports -type d -exec chmod g+w {} \;
or something like that.
