Recommended permissions and ownership of Subversion checkout of dports

Ryan Schmidt ryandesign at macports.org
Thu Oct 17 18:53:23 PDT 2013


On Oct 17, 2013, at 07:34, Clemens Lang <cal at macports.org> wrote:

> On Wed, Oct 16, 2013 at 08:18:51PM -0500, Ryan Schmidt wrote:
>> If my main dports tree is a Subversion working copy, what are the
>> recommended permissions and user and group ownership so that "sudo
>> port sync" and "svn update" and "svn commit" all work? It seems like I
>> should understand this by now but I'm not getting it; what I'm getting
>> are permission errors. 
> 
> I use drwxrwx--- 54 clemens macports. The write permission for the
> MacPorts user might not be necessary, though.

Surely the macports user needs write permission to change things when running "sudo port sync"?

> I am aware (and so should you be), that these files are editable by my
> user account and contain code that will be run with super user
> privileges – so if you're concerned about possible privilege
> escalations, you should create the checkout as root (which also implies
> you need root privileges to edit the Portfiles).

What I'm concerned with is not having to type my password dozens of times a day. This has become increasingly difficult ever since the gsoc08-privileges branch was merged in and basically made non-root MacPorts installations unusable.

I tried your suggestion. "sudo chown -R rschmidt:macports . && sudo chmod -R 770 ." in my dports directory. Then I ran "sudo port sync" which succeeded and pulled in a few updates. Then I checked permissions in the directory. Files updated by the sync do not have these permissions. For example, the gegl and glfw Portfiles have 644 permissions instead of 770, so only the macports user can write to them, so trying to edit them in my editor results in the administrator password prompt that I'm trying to avoid.



More information about the macports-dev mailing list