Changes between Version 1 and Version 2 of gsoc08-privileges


Ignore:
Timestamp:
Aug 16, 2008, 1:59:46 PM (16 years ago)
Author:
pmagrath@…
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • gsoc08-privileges

    v1 v2  
    33gsoc08-privileges is [wiki:pmagrath]'s development branch for Google Summer of Code 2008.
    44
     5
    56== Summary ==
    67To implement facility to reduce need to execute MacPorts as root.
    78
     9
    810== Current Status ==
    911A Beta Release was announced on the macports-dev mailing list on the 11th August 2008.
     12
     13
     14== Use Cases ==
     15Use Case 1:
     16Current Situation with privilege descalation. Prefix is /opt/local. Root owns prefix. Fetch, build, extract, etc are done in per-user location (~/.macports) and do not require root privileges. Root privileges needed to install. Drop privileges when not needed if started with sudo.
     17
     18Use Case 2:
     19--with-no-root-privileges. Prefix is usually ~/.macports/opt/local (must be specified with --prefix). User owns prefix. No root privileges needed. Ports requiring root privileges (new user accounts, daemons etc.) cannot be installed without a sudo. It is necessary to use a --prefix with --with-no-root-privileges as the default --prefix isn't modified from /opt/local when --with-no-root-privileges is specified.
     20
     21Use Case 3:
     22--with-shared-directory. Prefix is /opt/local. Root owns prefix but shares full read write with a macports group. All members of macports group can install all packages that only effect the /opt/local hierarchy. Root privileges only needed for installs that effect directories outside the prefix. Port maintainers are responsible for designating this with the "install.asroot" option. Drop privileges when not needed.
     23
    1024
    1125== The Plan ==
     
    2135The portfile format shall be extended with an additional attribute to mark those ports that can not be installed without root privileges, such as those requiring StartupItems.
    2236
    23 ''I've added the following new options to the Portfile format: patch.asroot, build.asroot, configure.asroot, destroot.asroot, and install.asroot. These take a boolean (yes/no) value. The default for all but install.asroot is no. install.asroot's default value is yes.''
     37''I've added the following new options to the Portfile format: patch.asroot, build.asroot, configure.asroot, destroot.asroot, and install.asroot. These take a boolean (yes/no) value. The default for all is no.''
    2438
    2539=== Privilege Escaltion ===
     
    6680
    6781
    68 == Use Cases ==
    69 Use Case 1:
    70 Current Situation with privilege descalation. Prefix is /opt/local. Root owns prefix. Fetch, build, extract, etc are done in per-user location (~/.macports) and do not require root privileges. Root privileges needed to install. Drop privileges when not needed if started with sudo.
    71 
    72 Use Case 2:
    73 --with-no-root-privileges. Prefix is usually ~/.macports/opt/local (must be specified with --prefix). User owns prefix. No root privileges needed. Ports requiring root privileges (new user accounts, daemons etc.) cannot be installed without a sudo. It is necessary to use a --prefix with --with-no-root-privileges as the default --prefix isn't modified from /opt/local when --with-no-root-privileges is specified.
    74 
    75 Use Case 3:
    76 --with-shared-directory. Prefix is /opt/local. Root owns prefix but shares full read write with a macports group. All members of macports group can install all packages that only effect the /opt/local hierarchy. Root privileges only needed for installs that effect directories outside the prefix. Drop privileges when not needed.
    77 
    7882== Related Resources ==
    7983[http://thread.gmane.org/gmane.os.opendarwin.darwinports/16973/focus=17026]