Why was the macports user implemented
raramayo at gmail.com
Wed Aug 31 12:26:24 PDT 2011
Great. Good explanation. Thanks, but then that begs the question as to
why the files in '/opt/local/' are not owned by macports:macports and
instead by 'root:admin and/or root:wheel'? Am I missing something in
Regardless we have to 'sudo' to install MacPorts and its ports, right?
You said " The typical way of implementing this is creating a user and group, so
> permissions on files can be set to `macports:macports`."
can be set or must be set??
Does MacPorts checks if the ports are owned by macports:macports?
On Wed, Aug 31, 2011 at 14:09, Jeremy Lavergne
<jeremy at lavergne.gotdns.org> wrote:
>> Please explain to me like if I were a four-year old, why was the user
>> 'macports' implemented?
> The user was created to address this problem:
> Portfiles and the packages they install can contain arbitrary code, and
> should not be trusted unless they are signed and that packager is trusted.
> The concern is someone could execute any command, say `rm -rf $HOME` for
> whatever user is running the command. If this is root, your drive could be
> gone. If it is you, all your stuff could be gone.
> By using a separate user, similar to `nobody` we can ensure it dosen't
> have permission to do something unless you explicitly give such
> permissions to the place it is trying to access.
> The typical way of implementing this is creating a user and group, so
> permissions on files can be set to `macports:macports`.
More information about the macports-users