Hi Nick, Hi @misc,

Nick Holland wrote,
> On 07/02/14 10:54, Waldemar Brodkorb wrote:
> > Hi,
> >
> > just trying to build 5.5 stable branch and seeing that
> > ...[checkout/compile/install as root]...
>
> > Wouldn't it be better to tell the user to add the local non-root
> > user to the wsrc group and then just do it without root permissions?
> > (changing # into $ in the examples)
>
> why?
> Answer thoughtfully, not reflexively, please.

It might be just a personal best practice to work as little as possible
as root. I even normally compile/cross-compile software regularly as
non-root, because you never know how broken Makefiles and scripts can be.

Short anecdote: ten or more years ago, when I built rpm packages for
SuSE 7.x as root, I once used an official SuSE spec file to rebuild a
package and this wiped my disk. (rm -rf /$some-empty-var problem)
Since then I prefer to build software as non-root.

> You are building code that all system security depends on. If you don't
> trust the user doing this, you have a problem, doing it as non-root
> changes this situation not one bit.

I trust the user building the code, but I don't trust my scripts in
front of that, when trying automatic builds ;)

> You have to be root to install the kernel and the userland anyway. If
> you wish to build userland without being root, you need sudo configured
> without a password (or be sitting around to respond when it asks for a
> pw). Again, not really improving security. Maybe lessening it if
> that's against your needs.

At the moment I followed man release and there it is documented to do:

    $ make SUDO=sudo build

Unfortunately this does not work on a fresh OpenBSD 5.5 for amd64 system
using cvs src code for stable branch. In the middle it tries to ask for
the password and then fails directly without any chance to actually type
the password :(
Maybe the default password timeout in sudo is too low. Will verify with
a fresh build.

Instead

    $ sudo make build

finishes perfectly.

So is the manpage wrong or have I made a mistake?
And if the man page does suggest building as non-root, wouldn't it be
good if the FAQ already provided information on how to get the source
without needing to change the permissions afterwards?

> Good administrative practices? Very possibly. But this comes down to
> local administrative policies set by people looking at the situation at
> your site. Minimizing the damage of "rm -rf /" is good. Turning off
> passwords on sudo if that's otherwise your policy is not good.

Sure.

> There's a philosophy that what you are doing here could totally f***
> your system up. Not doing it as root and pretending what you do
> couldn't hurt things is bad. Maybe seeing the "#" prompt reminds you
> there are sharp edges here.

Sometimes people have a lot of terminals open to remote systems and
then I have seen trainee admins typing "shutdown -h now", because they
want to shut down their workstation, but accidentally have shut down a
Xen-Server with 20 productive machines running on it :)

So again, avoiding being root is just good in my experience.

> me? IF I'm doing this on a "General Purpose" machine, I'd probably
> check out as me, compile kernel as me, "sudo make install" the kernel,
> and "sudo make build". I should probably "SUDO=sudo make build", but
> hey, if there's something wrong in the build scripts that this saves me
> from, it would probably be best for all of you that I find out, right?
> :) If I'm building on a machine dedicated to building...I'm not seeing
> a lot of benefit to not just doing it all as root.

Yeah, I of course have a separate virtual machine building OpenBSD for
my real systems. So it is indeed not a real issue. Just a nice to have.
Just wanna give my colleague firewall admins a chance to not f*** up my
buildsystem ;)

best regards
 Waldemar