port load/unload

Ryan Schmidt ryandesign at macports.org
Sat Sep 18 15:43:02 PDT 2010


On Sep 18, 2010, at 17:33, Bradley Giesbrecht wrote:

> Please always error on the side of preserving user data. I haven't been following this thread but "your data" caught my eye. Whether conf files or db's, same thing, we need to preserve them and that is one thing I do not see enforced by port.

That's not what we're talking about here at all. We're talking about the fact that, before the gsoc08-privileges branch was merged in, when you "sudo port install foo", all parts of the foo port, including the configuration and building phases, ran as root. These phases do not need that level of access and many developers frown on this practice, so the gsoc08-privileges branch made these phases run as a normal user, so as to prevent those phases from having the ability to write data anywhere on the disk.

I forget whether the default now is, or ever was, for that other user to be your Mac OS X user account. If it was, that would continue to be a security risk, as, even though the port could then not write to root-owned locations, it could still write to locations owned by your user, which would still be a whole lot of the drive. The suggestion by Rainer to fix that was to use the "nobody" user which has privileges to do almost nothing.




More information about the macports-dev mailing list