On Wed, Jul 04, 2012 at 02:20:36PM -0400, Rick "Zero_Chaos" Farina wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 07/04/2012 01:58 PM, Michał Górny wrote:
> > On Wed, 4 Jul 2012 19:46:47 +0200
> > Tobias Klausmann <klaus...@gentoo.org> wrote:
> > 
> >> Recently, I have again bumped into the question whether one
> >> should compile the kernel as root. One of the things that puzzles
> >> me is why almost every HowTo, blog post and book recommends
> >> building as non-root -- yet basically no distribution /helps/ the
> >> user with doing that.
> >>
> >> I've discussed this with a few people on #gentoo-dev and they've
> >> provided valuable insight (thanks AxS, Chainsaw and WilliamH), so
> >> I have gathered the results so far here:
> >>
> >> http://blog.i-no.de/archives/2012/07/index.html#e2012-07-04T19_28_32.txt
> >>
> >> Feel free to comment (ideally here). Note that I'm aiming for a
> >> solution that is not (overly) Gentoo-specific.
> > 
> > There's a very simple yet custom solution I'm using. Shortly saying:
> > checkout the kernel git to /usr/src/linux and chown to your user. As
> > far as it goes, it's superior to having kernel sources installed by
> > ebuilds.
> > 
> > I just have to remember to do 'git fetch' from time to time and 'git
> > merge' whenever a new version is tagged.
> > 
> 
> Honestly I'm not certain if there is an easy way to do this....
> 
> Obvious easy way, make the ebuilds install the kernel sources and chown
> root.users then chmod g+w.  Of course, after this any user could trojan
> the kernel...

There is no need to chown or chmod anything. /usr/src/linux* is always
world readable.

> We could allow writes in the directories but not to the kernel source
> files themselves... that seems moderately sane even as the source files
> don't need to be written to be compiled, only the dir's need write
> permissions...

Actually the directories do not need write permissions either. Take a
look at the O= option documented in /usr/src/linux/README.

William

Attachment: pgpd90SjW3nS8.pgp
Description: PGP signature

Reply via email to