installing binary archives as non-root user

Ryan Schmidt ryandesign at macports.org
Fri Jan 12 13:43:48 UTC 2018


On Jan 12, 2018, at 07:40, db wrote:
> On 18 Nov 2017, at 20:38, Ryan Schmidt wrote:
>> It is preferable to install MacPorts with root (administrator) privileges and to run it with sudo. This is more secure, because, with those privileges, MacPorts can drop privileges and use the unprivileged "macports" user while building. In contrast, if you install MacPorts as your user, MacPorts builds as your user, which gives every port's build system the undesired ability to inadvertently affect any files that your user can affect. For example, if running MacPorts as your user, a badly-written build system could theoretically delete everything in your home directory; if running MacPorts with sudo, that can't happen because the "macports" user doesn't have the ability to modify your home directory.
> 
> 
> When installing macports as non-root couldn't it also switch from non-root user to user 'macports'?

Normal users don't have permission to switch to other users. Only root has permission to do that.


> As an aside, I installed macports as non-root and built coreutils and noticed that it does as root.

What do you mean? What specifically did you notice?


> Is there any way to prevent a port from building as root on a non-root installation?

If a portfile says that a port requires root to build, then it requires root to build, and you cannot build it if you have a non-root installation. But the coreutils portfile doesn't say that.



More information about the macports-users mailing list