Changes between Version 4 and Version 5 of pmagrath


Ignore:
Timestamp:
Jun 10, 2008, 9:59:31 PM (16 years ago)
Author:
pmagrath@…
Comment:

Revised plan as a result of email exchange with Raim.

Legend:

Unmodified
Added
Removed
Modified
  • pmagrath

    v4 v5  
    2020The proposal is to implement a number of improvements to the MacPorts code base in order to reduce the need to execute MacPorts with root privileges.
    2121
    22 Firstly, MacPorts operations which do not explicitly need root privileges will be re-coded so that they will run with normal user privileges. Examples would include fetching, extracting and building the port.
    2322
    24 Secondly, the portfile format shall be extended with an additional attribute to mark those ports that can not be installed without root privileges, such as those requiring StartupItems.
     23==== Reduce need for actions to run as root ====
     24MacPorts operations which do not explicitly need root privileges will be re-coded so that they will run with normal user privileges. Examples would include fetching, extracting and building the port.
    2525
    26 Thirdly, MacPorts will allow users with full write permissions to /opt and its subfolders to install ports which only affect that hierarchy to install those ports without requiring root privileges.
     26==== Portfile Format ====
     27The portfile format shall be extended with an additional attribute to mark those ports that can not be installed without root privileges, such as those requiring StartupItems.
    2728
    28 Finally, MacPorts will allow users to install packages into their own ~/.macports/opt instead of /opt when non root users wish to install a package for their own use only.
     29==== Privilege Escaltion ====
     30I would feel that the best behavior for if MacPorts is requested to perform a privileged operation for a port, if it currently has no privileged access would be for the user to be given the choice of elevating privileges (by evoking sudo), installing in a fakeroot or aborting. The complications are that there is currently no way of knowing whether a port needs privileges, creating a fakeroot mechanism, cleanly elevating and de-elevating privileges.
    2931
    30 A stretch goal would be to modify MacPorts to drop root privileges for all but the install part of the port installation process.
     32==== MacPorts Group ====
     33It would be a good idea to create an additional group macports which users are allowed to run any port command. So /opt/local would be owned by the group macports with g+rw. (Gentoo's portage does something like this.)
    3134
    32 I would feel that the best behavior for if MacPorts is requested to perform a privileged operation for a port, if it currently has no privileged access would be for the user to be given the choice of elevating privileges (by evoking sudo), installing in a fakeroot or aborting. The complications are that there is currently no way of knowing whether a port needs privileges, creating a fakeroot mechanism, cleanly elevating and de-elevating privileges.
     35This will allow users who are members of the new macports group to have full write permissions to /opt and its subfolders, and hence to install ports which only affect that hierarchy to install those ports without requiring root privileges.
     36
     37==== Privilege Dropping ====
     38Examine how we could drop root privileges for building. So we still run port using sudo, but for the actual building root privileges are dropped and the configure/build phase runs with the privileges of the current user only (or of some new unprivileged macports user?). Of course this needs investigation how the permissions inside the workpath need to be set to accomplish this.
     39
     40==== Install MacPorts in your home directory easily ====
     41Modify some of the configure scripts. Currently, if you want to install a MacPorts tree into your home, you need to configure it like this manually:
     42
     43./configure \
     44--prefix=~/macports \
     45--with-install-user=foo \
     46--with-install-group=foo \
     47--with-tclpackage=~/Library/Tcl
     48
     49It'd be great if this could be done with one switch only. For example:
     50
     51./configure \
     52--prefix=~/macports \
     53--without-root-privileges
     54
     55This will allow users to install packages into their own ~/.macports/opt instead of /opt when non root users wish to install ports for their own use only.
    3356
    3457
    3558=== Goals ===
    36 1) Implementation of each of the four improvements mentioned above.[[BR]]
     591) Implementation of the improvements outlined above.[[BR]]
    37602) Ability to easily install common packages without root privileges.[[BR]]
    38 3) (Long term) Use of MacPorts without root user account activation.[[BR]]
     613) (Stretch) Easy use of MacPorts without root user account activation.[[BR]]
    3962
    4063