Why was the macports user implemented

Dan Ports dports at macports.org
Wed Aug 31 12:46:25 PDT 2011

On Wed, Aug 31, 2011 at 02:26:24PM -0500, Rodolfo Aramayo wrote:
> Great. Good explanation. Thanks, but then that begs the question as to
> why the files in '/opt/local/' are not owned by macports:macports and
> instead by 'root:admin and/or root:wheel'? Am I missing something in
> here??

The macports user is used to drop privileges during the build phases;
it's not used during installation and isn't meant to own the files in

There are at least two reasons you would not want it to:

 - it would defeat privilege separation: the reason build runs as
   'macports' is to keep a misbehaving port from having the authority
   to do any damage. If the macports user also owned the files in
   /opt/local, such a port would be able to modify any of those files.
 - some files are installed in the prefix that have other uids. setuid
   root files are one example; things might also be owned by other uids
   that macports sets up.

Dan R. K. Ports              MIT CSAIL                http://drkp.net/

More information about the macports-users mailing list