root on ports

Bryan Dumm bdumm at
Wed Feb 14 12:08:17 PST 2001

On Thursday 15 February 2001 00:50, you wrote:
> On Tuesday 13 February 2001 20:16, Bryan Dumm wrote:
> > and if alfs ran as say user nobody then how
> > would elements like <make_install> work?
> In fact, suing to root only for <make_install> (and other) tags would make
> it a bit more secure and less risky. After all, only tags that can possibly
> write to disk need root access.

This is the path I started to take also...


<sudo user=root>
<sudopass>kgjdfgkdfjlgjdfkhlviu(encrypted pass)</sudopass>

This can be sent over ssl, and even the whole thing encrypted
again in the frontend, alfs_xmlrpcd.

But I don't think package designers should be adding this....
I think if you(alfs_xmlrpcd designer) got on a port, and you 
worry about root, then you should be able to take the generic 
package profile, and merge the needed <sudo> with all the 
<make_install> or other type of commands?????????

maybe <sudo> the whole profile, make it easy???

at least alfs_xmlrpcd could run as user nobody this way...

more thoughts?


More information about the alfs-discuss mailing list