Sunday, March 01, 2026

Re: [NEW] wayland/fuzzel

On Sunday, March 1, 2026 at 22:52, Stuart Henderson
<stu@spacehopper.org> wrote:

> On 2026/03/01 20:38, yaydn@protonmail.com wrote:
> > permit nopass setenv { \
> > FTPMODE PKG_CACHE PKG_PATH SM_PATH SSH_AUTH_SOCK \
> > DESTDIR DISTDIR FETCH_CMD FLAVOR GROUP MAKE MAKECONF \
> > MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \
> > PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \
> > PORTS_TREE_OWNER FAKE_TREE_OWNER PORTSDIR \
> > SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc
>
> security-wise, if your normal user account is in wsrc, this is pretty
> much equivalent to running as root
>
>

Only have privsep_user in the wsrc and not the normal user accounts, to
only have that one privsep_user do fetching, building, and packaging.
Should I comment this instead, reduce this, or use something else in a
PORTS_PRIVSEP=Yes configuration? Or is adding (with or w/o nopass)

permit keepenv privsep_user as root cmd pkg_add

not changing what that one user, who is not a normal account, can
already do? I like the convenience, but am willing to forgo if that is
best (or better) security workflow. Does my query make sense?
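
An added example, not part of the thread or of OpenBSD's own tooling: a small Python audit of the two rule shapes discussed above. It relies on the doas.conf(5) defaults that an omitted `cmd` means all commands and an omitted `as` means any target user. The function names and note labels are this example's own, and the sample input is constructed, with the setenv list shortened.

```python
import re
FLAGS = {"nopass", "nolog", "persist", "keepenv"}

def parse_rules(text):
    """Parse the doas.conf(5) rule subset that appears in the thread."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        toks = re.findall(r"\{[^}]*\}|\S+", line)         # keep { ... } whole
        rule = {"action": toks.pop(0), "options": set(), "setenv": [],
                "target": None, "cmd": None}              # None = doas default
        while toks and (toks[0] in FLAGS or toks[0] == "setenv"):
            opt = toks.pop(0)
            if opt == "setenv":
                rule["setenv"] = toks.pop(0).strip("{}").split()
            else:
                rule["options"].add(opt)
        rule["identity"] = toks.pop(0)
        if toks[:1] == ["as"]:
            rule["target"], toks = toks[1], toks[2:]
        if toks[:1] == ["cmd"]:
            rule["cmd"] = toks[1]
        rules.append(rule)
    return rules

def audit(text):
    """Return (identity, notes) for each permit rule, for manual review."""
    report = []
    for r in parse_rules(text):
        if r["action"] != "permit":
            continue
        notes = set(r["options"] & {"nopass", "keepenv"})
        if r["identity"].startswith(":"):
            notes.add("group-identity")        # applies to every group member
        if r["cmd"] is None and r["target"] in (None, "root"):
            notes.add("any-command-as-root")   # no cmd: all commands allowed
        elif r["cmd"] and not r["cmd"].startswith("/"):
            notes.add("relative-cmd")          # doas.conf(5) advises absolute paths
        report.append((r["identity"], sorted(notes)))
    return report

# Constructed sample: the two rule shapes from the thread, env list shortened.
SAMPLE = r"""permit nopass setenv { PKG_PATH DESTDIR \
    WRKOBJDIR } :wsrc
permit keepenv privsep_user as root cmd pkg_add"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```
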
