Recommended permissions and ownership of Subversion checkout of dports
Chris Jones
jonesc at hep.phy.cam.ac.uk
Fri Oct 18 01:24:03 PDT 2013
>> I am aware (and so should you be), that these files are editable by my
>> user account and contain code that will be run with super user
>> privileges – so if you're concerned about possible privilege
>> escalations, you should create the checkout as root (which also implies
>> you need root privileges to edit the Portfiles).
>
> What I'm concerned with is not having to type my password dozens of times a day. This has become increasingly difficult ever since the gsoc08-privileges branch was merged in and basically made non-root MacPorts installations unusable.
>
> I tried your suggestion. "sudo chown -R rschmidt:macports . && sudo chmod -R 770 ." in my dports directory. Then I ran "sudo port sync" which succeeded and pulled in a few updates. Then I checked permissions in the directory. Files updated by the sync do not have these permissions. For example, the gegl and glfw Portfiles have 644 permissions instead of 770, so only the macports user can write to them, so trying to edit them in my editor results in the administrator password prompt that I'm trying to avoid.
>
why not just update your sudoers permissions file, to allow your main
account to run the port command as root, without requiring a password
(or just give it a longer timeout, which would be my preferred way) ?
Seems easier than faffing with file permissions ..
Chris
More information about the macports-dev
mailing list