admin user (and ditto group member) no longer has the corresponding permissions?!

René J.V. Bertin rjvbertin at gmail.com
Tue Jul 28 09:00:21 UTC 2020


On Tuesday July 28 2020 00:15:22 Clemens Lang wrote:

>Don't do that, that completely breaks the privilege separation. You
>might as well use a non-root install then.

Not at all. It who the macportsuser is changes nothing for the usual case of installing binary packages nor for the normal case of properly written Portfiles and the usual monolithic `sudo port install foo` command. Sure, if I `port destroot foo` without sudo, I will be the owner of the installed files,b but that's still not the same thing as doing a non-root install.

>This configuration is also unsupported. This means that you should not
>expect support on this mailing list for such a configuration.

I'm not.

>macOS has been doing capability management on top of traditional unix
>permissions for a while now, for example associated to your aqua login
>session.

Well, it hasn't in my case, beyond the annoyances associated with signing (again, this is on 10.9, pre-SIP, one of the reasons I've been sticking to it), and Mac-specific ACLs/xattrs aren't at play here either.

>This list isn't the place to ask about those details, Apple
>documentation, and Apple forums are.

You know as well as I do that the Apple forums are useless in cases like this, which require at least low-level knowledge of Unix intricacies. Experience from the past has shown that this is a perfect place to find such knowledge.

But you're right. This issue affects access to any file/directory in both port:xterm and port:mrxt, so I'll just file an issue on trac.

R.


More information about the macports-dev mailing list