Re: fetching and building ports as unprivileged user

On 2026/05/14 09:03, Janne Johansson wrote: > If you start a ports build as root, it will drop privs to the _pfetch > and _pbuild user for the respective steps, where the _pbuild user is > disallowed to talk network if you use default pf rules. That's not correct. Ports in general is *not* setup to be started as root. > Den ons 13 maj 2026 kl 17:20 skrev Lisper <lispy888@gmail.com>: > > > > Instructions to fetch and build a port as a regular user are documented in bsd.port.mk(5) but when trying to set PORTS_PRIVSEP as explained in the manpage, all went wrong. I must have missed something. > > > > The install process is reserved to privileged users or root, which is right, no problem. > > > > But a step-by-step recipe for fetching and building ports as unprivileged user would be welcome. in mk.conf, set PORTS_PRIVSEP=Yes, set SUDO to your choice (on ports dev boxes I normally use sudo -E), then either set permissions on the various dirs yourself or run "make fix-permissions" in a port subdir as root. The user that you start the build as will want 'nopasswd' access to run things as _pbuild and _pfetch, for example like this in sudoers username ALL = SETENV: ALL username ALL = (_pbuild) NOPASSWD: ALL, (_pfetch) NOPASSWD: ALL