[MacPorts] Notification: gsoc08-privileges modified

MacPorts noreply at macports.org
Sat Aug 16 06:59:46 PDT 2008



Changed page "gsoc08-privileges" by pmagrath at macports.org from 79.97.238.254*
Page URL: <http://trac.macports.org/wiki/gsoc08-privileges>
Diff URL: <http://trac.macports.org/wiki/gsoc08-privileges?action=diff&version=2>
Revision 2

-------8<------8<------8<------8<------8<------8<------8<------8<--------
Index: gsoc08-privileges
=========================================================================
--- gsoc08-privileges (version: 1)
+++ gsoc08-privileges (version: 2)
@@ -2,11 +2,25 @@
 
 gsoc08-privileges is [wiki:pmagrath]'s development branch for Google Summer of Code 2008.
 
+
 == Summary ==
 To implement facility to reduce need to execute MacPorts as root.
 
+
 == Current Status ==
 A Beta Release was announced on the macports-dev mailing list on the 11th August 2008.
+
+
+== Use Cases ==
+Use Case 1:
+Current Situation with privilege descalation. Prefix is /opt/local. Root owns prefix. Fetch, build, extract, etc are done in per-user location (~/.macports) and do not require root privileges. Root privileges needed to install. Drop privileges when not needed if started with sudo.
+
+Use Case 2:
+--with-no-root-privileges. Prefix is usually ~/.macports/opt/local (must be specified with --prefix). User owns prefix. No root privileges needed. Ports requiring root privileges (new user accounts, daemons etc.) cannot be installed without a sudo. It is necessary to use a --prefix with --with-no-root-privileges as the default --prefix isn't modified from /opt/local when --with-no-root-privileges is specified.
+
+Use Case 3:
+--with-shared-directory. Prefix is /opt/local. Root owns prefix but shares full read write with a macports group. All members of macports group can install all packages that only effect the /opt/local hierarchy. Root privileges only needed for installs that effect directories outside the prefix. Port maintainers are responsible for designating this with the "install.asroot" option. Drop privileges when not needed.
+
 
 == The Plan ==
 The proposal is to implement a number of improvements to the MacPorts code base in order to reduce the need to execute MacPorts with root privileges.
@@ -20,7 +34,7 @@
 === Portfile Format ===
 The portfile format shall be extended with an additional attribute to mark those ports that can not be installed without root privileges, such as those requiring StartupItems.
 
-''I've added the following new options to the Portfile format: patch.asroot, build.asroot, configure.asroot, destroot.asroot, and install.asroot. These take a boolean (yes/no) value. The default for all but install.asroot is no. install.asroot's default value is yes.''
+''I've added the following new options to the Portfile format: patch.asroot, build.asroot, configure.asroot, destroot.asroot, and install.asroot. These take a boolean (yes/no) value. The default for all is no.''
 
 === Privilege Escaltion ===
 I would feel that the best behavior for if MacPorts is requested to perform a privileged operation for a port, if it currently has no privileged access would be for the user to be given the choice of elevating privileges (by evoking sudo), or aborting. 
@@ -65,15 +79,5 @@
 3) (Stretch) Easy use of MacPorts without root user account activation.[[BR]]
 
 
-== Use Cases ==
-Use Case 1:
-Current Situation with privilege descalation. Prefix is /opt/local. Root owns prefix. Fetch, build, extract, etc are done in per-user location (~/.macports) and do not require root privileges. Root privileges needed to install. Drop privileges when not needed if started with sudo.
-
-Use Case 2:
---with-no-root-privileges. Prefix is usually ~/.macports/opt/local (must be specified with --prefix). User owns prefix. No root privileges needed. Ports requiring root privileges (new user accounts, daemons etc.) cannot be installed without a sudo. It is necessary to use a --prefix with --with-no-root-privileges as the default --prefix isn't modified from /opt/local when --with-no-root-privileges is specified.
-
-Use Case 3:
---with-shared-directory. Prefix is /opt/local. Root owns prefix but shares full read write with a macports group. All members of macports group can install all packages that only effect the /opt/local hierarchy. Root privileges only needed for installs that effect directories outside the prefix. Drop privileges when not needed.
-
 == Related Resources ==
 [http://thread.gmane.org/gmane.os.opendarwin.darwinports/16973/focus=17026]

-------8<------8<------8<------8<------8<------8<------8<------8<--------


* The IP shown here might not mean anything if the user is behind a proxy.

--
MacPorts <http://www.macports.org/>
Ports system for Mac OS

This is an automated message. Someone at http://www.macports.org/
added your email address to be notified of changes on MacPorts.
If it was not you, please report to http://www.macports.org/.


More information about the macports-changes mailing list