Re: [gentoo-user] portage directory ownerships?

2015-09-16 Thread Neil Bothwick
On Tue, 15 Sep 2015 22:25:15 +0200, Alan McKinnon wrote:

> > That got me thinking. Everywhere that portage operates or owns
> > things, should the ownership not be portage.portage
> > and what would the typical permissions be?  
> 
> Here, all of /etc/portage is root:root
> The tree and all overlays are portage:portage

Just to add some confusion to the mix

root@fenchurch: drwxr-xr-x 1 root root 3378 Aug 25 08:43 /var/portage
root@hactar: drwxr-xr-x 1 root root 3378 Aug 25 07:55 /var/portage
root@vroomfondel: drwxr-xr-x 168 root root 4096 Aug 25 08:03 /var/portage
root@slartibartfast: drwxr-xr-x 1 portage portage 3378 Aug 25 08:05 /var/portage
root@lunkwill: drwxr-xr-x 168 portage portage 4096 Aug 25 07:35 /var/portage
root@quordlepleen: drwxr-xr-x 1 root root 3378 Aug 25 08:04 /var/portage

So some are portage:portage, some are root:root - all use /var/portage
for $PORTDIR so that's not an issue. One of the portage:portage ones is
the one that syncs with the mirrors and acts as an rsync host for the
others, this may or may not be significant.

Downloading a portage snapshot shows it all to be owned by
portage:portage, so I guess that's as close as we are going to get to a
definitive answer.


-- 
Neil Bothwick

If at first you don't succeed, you'll get a lot of free advice from
folks who didn't succeed either.




Re: [gentoo-user] portage directory ownerships?

2015-09-16 Thread Fernando Rodriguez
On Wednesday, September 16, 2015 8:01:56 AM Alan McKinnon wrote:
> On 16/09/2015 00:36, Fernando Rodriguez wrote:
> > On Tuesday, September 15, 2015 10:25:15 PM Alan McKinnon wrote:
> >> On 15/09/2015 22:09, james wrote:
> >>> Hello,
> >>>
> >>> So looking at /etc/portage/repos.conf, it seems root.root owns these
> >>> files; shouldn't it be portage.portage? and /usr/portage
> >>>
> >>> That got me thinking. Everywhere that portage operates or owns
> >>> things, should the ownership not be portage.portage
> >>> and what would the typical permissions be?
> >>
> >> Here, all of /etc/portage is root:root
> >> The tree and all overlays are portage:portage
> >>
> >> You can make a local overlay owned by whichever user you want, stuff you hack away
> >> at yourself should probably be james:james or james:users
> >>
> >> Typically, permissions in /etc/portage are the usual 755 for dirs and
> >> 644 for files
> >>
> >> I set overlays and the tree to be 2775 for dirs and 664 for files
> >>
> >>>
> >>> Is there a master list I can look at? Surely root should not own all
> >>> these dirs, like /usr/portage/*? My /usr/portage is root.root
> >>> with 755 permissions, is that right?
> >>
> >> Permissions should be what YOU need them to be on your computer. There's
> >> a default, it's what portage makes them when you install stuff
> >>
> >>>
> >>> If so, why?
> >>
> >> Only root should change the master config files in /etc, just like in
> >> all other apps
> >> IIRC emerge can drop privs to a user account, if that user is portage
> >> then portage must own the files
> > 
> > It is true that portage drops privileges to the portage account (unless the
> > ebuild has RESTRICT="userpriv" or I think FEATURES="-userpriv" on make.conf)
> > but it doesn't need to write to the portage tree except to the distfiles
> > directory so I don't know of any reason to have everything owned by
> > portage:portage if the perms are 755/644.
> 
> portage also syncs the tree. For that it needs write perms.
> 
> > 
> > Mine is owned by root:root because it got borked one time after a sync so I
> > deleted it and copied from another box manually. The only problem I ever had
> > is that a fetch failed, and I just chowned the distfiles dir to portage:portage
> > to fix it. Only recently it was pointed to me on this list that it was supposed
> > to be portage:portage. I never changed it back to portage:portage but I made a
> > mental note not to forget about it in case of trouble, that way I'll learn why
> > that's the default if/when something breaks :) Besides it offers some (limited)
> > protection against an ebuild accidentally writing to your portage tree.
> > 
> >>>
> >>> In my /usr/local/portage and its subdirs where I hack on many
> >>> ebuilds, portage.portage owns everything?
> >>
> >> Make your life easy, chown that stuff to james
> > 
> > I personally prefer root:root because I think it is more secure. If you let
> > somebody use your account even for a minute s/he could modify an ebuild
> > without a password to install whatever s/he wants next time you run an update.
> 
> I'll argue that it's less secure. Giving someone else a gap to modify
> your ebuilds when you accidentally leave the computer unlocked is a rare
> event whereas you modifying your own ebuilds like james does is a common
> event.
> 
> If an overlay is root:root then he has to be root every time he works on
> it. If he then commits that rare blunder of leaving the computer
> unlocked, Murphy says he'll do it with a root shell open.

I also have the habit of never opening root shells unless absolutely necessary 
(which is next to never) and when I do I'm very conscious about it so that 
won't be a problem for me. I do a lot of ebuild hacking and that does mean I 
type my password a lot but you get used to it.

> While it is entirely possible to have a rogue colleague install a dodgy
> ebuild, that attacker would have to know exactly what to install where
> and would have to have the ebuild on hand to slip it in during the very
> few minutes available. To my eye that's a very small window of
> opportunity and needs a perfect storm to pull it off = vanishingly small
> risk

If that were my mission I'd just pick something that I know you run at startup
like udev (I may pick something more trivial if possible to minimize the
chance of you noticing). I'd bump the version and have the ebuild install my
evil program along with it and add a few-line patch to fork() and execve() my
program or just make my program a patch to the main prog. Then I'll put it on
a webserver along with a script that does the work for me. Now I just need to
run a single command to download and execute the script.

So granted, it takes planning, and maybe some social engineering or other 
methods to get details about your system but once I get the chance it'll take 
only a few seconds and next time you update I'd have root access.

-- 
Fernando Rodriguez



Re: [gentoo-user] portage directory ownerships?

2015-09-15 Thread Alan McKinnon
On 16/09/2015 00:36, Fernando Rodriguez wrote:
> On Tuesday, September 15, 2015 10:25:15 PM Alan McKinnon wrote:
>> On 15/09/2015 22:09, james wrote:
>>> Hello,
>>>
>>> So looking at /etc/portage/repos.conf, it seems root.root owns these
>>> files; shouldn't it be portage.portage? and /usr/portage
>>>
>>> That got me thinking. Everywhere that portage operates or owns
>>> things, should the ownership not be portage.portage
>>> and what would the typical permissions be?
>>
>> Here, all of /etc/portage is root:root
>> The tree and all overlays are portage:portage
>>
>> You can make a local overlay owned by whichever user you want, stuff you hack away
>> at yourself should probably be james:james or james:users
>>
>> Typically, permissions in /etc/portage are the usual 755 for dirs and
>> 644 for files
>>
>> I set overlays and the tree to be 2775 for dirs and 664 for files
>>
>>>
>>> Is there a master list I can look at? Surely root should not own all
>>> these dirs, like /usr/portage/*? My /usr/portage is root.root
>>> with 755 permissions, is that right?
>>
>> Permissions should be what YOU need them to be on your computer. There's
>> a default, it's what portage makes them when you install stuff
>>
>>>
>>> If so, why?
>>
>> Only root should change the master config files in /etc, just like in
>> all other apps
>> IIRC emerge can drop privs to a user account, if that user is portage
>> then portage must own the files
> 
> It is true that portage drops privileges to the portage account (unless the 
> ebuild has RESTRICT="userpriv" or I think FEATURES="-userpriv" on make.conf) 
> but it doesn't need to write to the portage tree except to the distfiles 
> directory so I don't know of any reason to have everything owned by 
> portage:portage if the perms are 755/644.

portage also syncs the tree. For that it needs write perms.

> 
> Mine is owned by root:root because it got borked one time after a sync so I
> deleted it and copied from another box manually. The only problem I ever had
> is that a fetch failed, and I just chowned the distfiles dir to portage:portage
> to fix it. Only recently it was pointed to me on this list that it was supposed
> to be portage:portage. I never changed it back to portage:portage but I made a
> mental note not to forget about it in case of trouble, that way I'll learn why
> that's the default if/when something breaks :) Besides it offers some (limited)
> protection against an ebuild accidentally writing to your portage tree.
> 
>>>
>>> In my /usr/local/portage and its subdirs where I hack on many
>>> ebuilds, portage.portage owns everything?
>>
>> Make your life easy, chown that stuff to james
> 
> I personally prefer root:root because I think it is more secure. If you let 
> somebody use your account even for a minute s/he could modify an ebuild 
> without a password to install whatever s/he wants next time you run an update.

I'll argue that it's less secure. Giving someone else a gap to modify
your ebuilds when you accidentally leave the computer unlocked is a rare
event whereas you modifying your own ebuilds like james does is a common
event.

If an overlay is root:root then he has to be root every time he works on
it. If he then commits that rare blunder of leaving the computer
unlocked, Murphy says he'll do it with a root shell open.

While it is entirely possible to have a rogue colleague install a dodgy
ebuild, that attacker would have to know exactly what to install where
and would have to have the ebuild on hand to slip it in during the very
few minutes available. To my eye that's a very small window of
opportunity and needs a perfect storm to pull it off = vanishingly small
risk

-- 
Alan McKinnon
alan.mckin...@gmail.com




Re: [gentoo-user] portage directory ownerships?

2015-09-15 Thread Fernando Rodriguez
On Tuesday, September 15, 2015 10:25:15 PM Alan McKinnon wrote:
> On 15/09/2015 22:09, james wrote:
> > Hello,
> > 
> > So looking at /etc/portage/repos.conf, it seems root.root owns these
> > files; shouldn't it be portage.portage? and /usr/portage
> > 
> > That got me thinking. Everywhere that portage operates or owns
> > things, should the ownership not be portage.portage
> > and what would the typical permissions be?
> 
> Here, all of /etc/portage is root:root
> The tree and all overlays are portage:portage
> 
> You can make a local overlay owned by whichever user you want, stuff you hack away
> at yourself should probably be james:james or james:users
> 
> Typically, permissions in /etc/portage are the usual 755 for dirs and
> 644 for files
> 
> I set overlays and the tree to be 2775 for dirs and 664 for files
> 
> > 
> > Is there a master list I can look at? Surely root should not own all
> > these dirs, like /usr/portage/*? My /usr/portage is root.root
> > with 755 permissions, is that right?
> 
> Permissions should be what YOU need them to be on your computer. There's
> a default, it's what portage makes them when you install stuff
> 
> > 
> > If so, why?
> 
> Only root should change the master config files in /etc, just like in
> all other apps
> IIRC emerge can drop privs to a user account, if that user is portage
> then portage must own the files

It is true that portage drops privileges to the portage account (unless the 
ebuild has RESTRICT="userpriv" or I think FEATURES="-userpriv" on make.conf) 
but it doesn't need to write to the portage tree except to the distfiles 
directory so I don't know of any reason to have everything owned by 
portage:portage if the perms are 755/644.

Mine is owned by root:root because it got borked one time after a sync so I 
deleted it and copied from another box manually. The only problem I ever had 
is that a fetch failed, and I just chowned the distfiles dir to portage:portage 
to fix it. Only recently it was pointed to me on this list that it was supposed 
to be portage:portage. I never changed it back to portage:portage but I made a 
mental note not to forget about it in case of trouble, that way I'll learn why 
that's the default if/when something breaks :) Besides it offers some (limited) 
protection against an ebuild accidentally writing to your portage tree.

> > 
> > In my /usr/local/portage and its subdirs where I hack on many
> > ebuilds, portage.portage owns everything?
> 
> Make your life easy, chown that stuff to james

I personally prefer root:root because I think it is more secure. If you let 
somebody use your account even for a minute s/he could modify an ebuild 
without a password to install whatever s/he wants next time you run an update.
 
> > Curious, and I cannot remember ever looking at this
> > 
> > 
> > James

-- 
Fernando Rodriguez



Re: [gentoo-user] portage directory ownerships?

2015-09-15 Thread Alan McKinnon
On 15/09/2015 22:09, james wrote:
> Hello,
> 
> So looking at /etc/portage/repos.conf, it seems root.root owns these
> files; shouldn't it be portage.portage? and /usr/portage
> 
> That got me thinking. Everywhere that portage operates or owns
> things, should the ownership not be portage.portage
> and what would the typical permissions be?

Here, all of /etc/portage is root:root
The tree and all overlays are portage:portage

You can make a local overlay owned by whichever user you want, stuff you hack away
at yourself should probably be james:james or james:users

Typically, permissions in /etc/portage are the usual 755 for dirs and
644 for files

I set overlays and the tree to be 2775 for dirs and 664 for files

> 
> Is there a master list I can look at? Surely root should not own all
> these dirs, like /usr/portage/*? My /usr/portage is root.root
> with 755 permissions, is that right?

Permissions should be what YOU need them to be on your computer. There's
a default, it's what portage makes them when you install stuff

> 
> If so, why?

Only root should change the master config files in /etc, just like in
all other apps
IIRC emerge can drop privs to a user account, if that user is portage
then portage must own the files


> 
> In my /usr/local/portage and its subdirs where I hack on many
> ebuilds, portage.portage owns everything?

Make your life easy, chown that stuff to james

> Curious, and I cannot remember ever looking at this
> 
> 
> James


-- 
Alan McKinnon
alan.mckin...@gmail.com




Re: [gentoo-user] portage directory ownerships?

2015-09-15 Thread wabenbau
james  wrote:

> Hello,
> 
> So looking at /etc/portage/repos.conf, it seems root.root owns these
> files; shouldn't it be portage.portage? and /usr/portage

On my system /etc/portage/repos.conf is also owned by root:root
 
> That got me thinking. Everywhere that portage operates or owns
> things, should the ownership not be portage.portage
> and what would the typical permissions be?
> 
> Is there a master list I can look at? Surely root should not own all
> these dirs, like /usr/portage/*? My /usr/portage is root.root
> with 755 permissions, is that right?

On my system /usr/portage/* is owned by portage:portage and the permissions
for directories are drwxrwsr-x and for files -rw-rw-r--

In make.conf I have usersandbox and userpriv in my FEATURES list. 
Dunno, but maybe this has something to do with ownership/permissions.

--
Regards
wabe
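
A small audit script, added here as an example and not written by anyone in the thread, that walks a tree or overlay and reports every entry deviating from the conventions Alan and wabe describe above (portage:portage, 2775 on directories, 664 on files), and separately flags anything world-writable, since that lets any local user plant an ebuild whoever owns the tree. The sample tree it builds is a constructed fixture and takes its owner/group names from whoever runs the script; point audit_tree() at a real $PORTDIR or overlay to use it.

```python
import grp
import os
import pwd
import stat
import tempfile

# Conventions quoted in the thread: owner portage:portage, dirs 2775 (drwxrwsr-x), files 664 (-rw-rw-r--).
DIR_MODE = 0o2775
FILE_MODE = 0o664

def _name(lookup, ident):
    try:
        return lookup(ident)[0]  # pw_name / gr_name
    except KeyError:
        return str(ident)  # uid/gid with no passwd/group entry

def _check(path, st, owner, group, want_mode, findings):
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:  # any local user could plant an ebuild here
        findings.append((path, "world-writable"))
    if mode != want_mode:
        findings.append((path, "mode %04o, expected %04o" % (mode, want_mode)))
    have = "%s:%s" % (_name(pwd.getpwuid, st.st_uid), _name(grp.getgrgid, st.st_gid))
    if have != "%s:%s" % (owner, group):
        findings.append((path, "owned by %s, expected %s:%s" % (have, owner, group)))

def audit_tree(root, owner="portage", group="portage"):
    """Return [(path, problem), ...] for entries that deviate from the expected owner, group or mode."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # symlinks are neither followed nor checked
        _check(dirpath, os.stat(dirpath), owner, group, DIR_MODE, findings)
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                _check(path, os.stat(path), owner, group, FILE_MODE, findings)
    return findings

def build_sample_tree():
    """Constructed fixture, not a real overlay; returns (root, bad_ebuild, owner, group)."""
    root = tempfile.mkdtemp()
    pkg = os.path.join(root, "app-misc", "hello")
    os.makedirs(pkg)
    for d in (root, os.path.dirname(pkg), pkg):
        os.chmod(d, DIR_MODE)
    bad = os.path.join(pkg, "hello-1.0.ebuild")
    for path, mode in ((os.path.join(pkg, "Manifest"), FILE_MODE), (bad, 0o666)):  # one world-writable ebuild
        open(path, "w").close()
        os.chmod(path, mode)
    st = os.stat(root)
    return root, bad, _name(pwd.getpwuid, st.st_uid), _name(grp.getgrgid, st.st_gid)
```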



[gentoo-user] portage directory ownerships?

2015-09-15 Thread james
Hello,

So looking at /etc/portage/repos.conf, it seems root.root owns these
files; shouldn't it be portage.portage? and /usr/portage

That got me thinking. Everywhere that portage operates or owns
things, should the ownership not be portage.portage
and what would the typical permissions be?

Is there a master list I can look at? Surely root should not own all
these dirs, like /usr/portage/*? My /usr/portage is root.root
with 755 permissions, is that right?

If so, why?

In my /usr/local/portage and its subdirs where I hack on many
ebuilds, portage.portage owns everything?
Curious, and I cannot remember ever looking at this


James