> On 2017-07-18, multiplex'd <multipl...@gmx.com> wrote: > > Thank you for explaining; I suspected the reasoning was such. Speaking > > specifically > > about ports, is there a way to start a port build as root and then drop > > priviledges > > (in a similar manner to the base system's build infrastructure)? A quick > > glance > > through bsd.port.mk(5) suggests that this isn't (yet) possible. (A possible > > workaround > > is to run "make fetch" as a normal user, "make prepare" as root and "make > > build" as > > normal user etc, however if there are dependencies which need to be built > > at the "make > > prepare" stage then they are built as root.) > > dpb(8) handles this automatically, but it's a pain when you're starting > work on a new port from scratch especially if you don't have a > particularly clean ports tree.
This ran into the same problem as base system builds: it isn't terribly difficult to build a de-escalation mechanism into a large infrastructure from the top-down, but it is much harder to build it for the internal elements. cd /usr/src/bin/ls; make. No de-escalation occurs. But in some ways that matches the development process, so that is OK.
