Why was the macports user implemented

Jeremy Lavergne jeremy at lavergne.gotdns.org
Wed Aug 31 12:09:33 PDT 2011


> Please explain to me like if I were a four-year old, why was the user
> 'macports' implemented?

The user was created to address this problem:
Portfiles and the packages they install can contain arbitrary code, and
should not be trusted unless they are signed and that packager is trusted.

The concern is someone could execute any command, say `rm -rf $HOME` for
whatever user is running the command. If this is root, your drive could be
gone. If it is you, all your stuff could be gone.

By using a separate user, similar to `nobody` we can ensure it dosen't
have permission to do something unless you explicitly give such
permissions to the place it is trying to access.

The typical way of implementing this is creating a user and group, so
permissions on files can be set to `macports:macports`.




More information about the macports-users mailing list