Re: RFC: Allow non-root users to use make distribution and make installworld?

From: Bruce Evans <bde_at_zeta.org.au>
Date: Mon, 18 Aug 2003 08:10:37 +1000 (EST)
On Sun, 17 Aug 2003, Ulrich Spoerlein wrote:

> I'm trying to build a new LiveCD based upon the Freesbie scripts, and
> well, I don't want to require superuser privileges to build the LiveCD
> image. While this is not a problem with 'make buildworld' 'make
> distribution' in /usr/src/etc is "broken" for the non-root case.
>
> Attached are some patches to make this work by make the user/group
> info passed to install overrideable.
>
> The problem now lies with 'make installworld' which currently dies here:
> ===> lib/libcom_err/doc
> install-info --quiet  --defsection="Programming & development tools."  --defentry="* libcom_err: (com_err).        A Common Error Description Library for UNIX."  com_err.info /usr/test/root/usr/share/info/dir
> /usr/test/root/usr/share/info/dir: Permission denied
> *** Error code 1
>
> because /usr/share/info/dir has permissions 444 and therefore the 'user'
> can't write to that file (whereas mode 444 wouldn't stop the superuser)
>
> The question now is, should I provide patches to make this work. Do "we"
> actually want this to work? Or is anybody trying to run installworld as
> non-user doing something completely stupid?

I tried this the other day but gave up on the info dir.  I was doing
something stupid -- I knew that installworld wouldn't work and only
wanted to test buildworld, but forgot to change the test script :-).

Setting INFOMODE to 644 should work after you fix all the hard-coded
ownerships and modes.  Other defaults for the mode may need to be changed
similarly.

The default read-only modes are bogus for root anyway.  BINMODE=555 only
made sense when BINOWN was bin.  But read-only modes are a safe default.

> --- etc/isdn/Makefile.orig	Sun Aug 17 20:14:23 2003
> +++ etc/isdn/Makefile	Sun Aug 17 20:14:48 2003
> _at__at_ -18,8 +18,8 _at__at_
>
>  install:
>  		for i in ${I4BETCPROG} ; do \
> -		  ${INSTALL} -o root -g wheel -m 700 $$i ${DESTDIR}/etc/isdn ; \
> +		  ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 700 $$i ${DESTDIR}/etc/isdn ; \
>  		done ; \
>  		for i in ${I4BETCFILE} ; do \
> -		  ${INSTALL} -o root -g wheel -m 600 $$i ${DESTDIR}/etc/isdn ; \
> +		  ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 $$i ${DESTDIR}/etc/isdn ; \
>  		done

The patches make some lines too long.

> --- etc/rc.d/motd.orig	Sun Aug 17 20:24:01 2003
> +++ etc/rc.d/motd	Sun Jun 15 18:55:59 2003
> _at__at_ -33,7 +33,7 _at__at_
>  	#
>  	echo "Updating motd."
>  	if [ ! -f /etc/motd ]; then
> -		install -c -o ${BINOWN} -g ${BINGRP} -m ${PERMS} /dev/null /etc/motd
> +		install -c -o root -g wheel -m ${PERMS} /dev/null /etc/motd
>  	fi
>
>  	case ${OSTYPE} in

This partcular patch seems to be reversed.

I don't see how rc.d can know the build defaults.  Perhaps it shouldn't.
It could adjust ownerships and modes to runtime defaults if the build
ones are insecure.

Bruce
Received on Sun Aug 17 2003 - 13:10:47 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:19 UTC