Comment 1 Mike Gilbert 2014-02-01 02:59:38 UTC

Created attachment 369240 [details]
eix-sync.conf

eix-sync is meant to be called from root and tries to drop permissions.
If you do not want this, export EIX_USER= EIX_GROUP= EIX_UID=-1 EIX_GID=-1

In your case you can safely ignore the warnings - they just inform you that possibly wrong permissions are used for certain tasks because some set{uid,gid,euid,egid} call failed.

In current eix git master on github and berlios (>=eix-0.30.2), I added an extension so that you can configure when the warnings are shown and whether they are fatal (and also some other cases are suppressed e.g. if setuid(user) with permissions of user failed).
I think that I will make the defaults such that the warning will be shown only when you are root, and that it is not fatal if this occurs.

Comment 3 Mike Gilbert 2014-02-01 16:26:56 UTC

(In reply to Martin Väth from comment #2)
> I think that I will make the defaults such that the warning will be shown
> only when you are root, and that it is not fatal if this occurs.

That sounds reasonable. Thanks.

Very similar warnings displaing after 'eix-remote -h' command:

$ eix-remote -h
warning: failed to drop permissions
warning: failed to drop permissions
warning: failed to drop permissions
warning: failed to drop permissions
warning: failed to drop permissions
warning: failed to drop permissions
Usage: eix-remote [options] command
[...skip help...]

$ eix --version
0.30.1

(In reply to Martin Väth from comment #2)
> eix-sync is meant to be called from root and tries to drop permissions.

That's not the case in Gentoo Prefix. Most prefix users will run eix using unprivileged user.

(In reply to yegle from comment #5)
> That's not the case in Gentoo Prefix. Most prefix users will run eix using
> unprivileged user.

I know, but I am hesitating to set unsecure defaults if EPREFIX is set.

>> If you do not want this, export EIX_USER= EIX_GROUP= EIX_UID=-1 EIX_GID=-1

Prefix users can set this if they are sure that they do not want the feature
that it is attempted to drop permissions.

Anyway, there will be less warnings in next eix.

Comment 7 Mike Gilbert 2014-02-28 16:21:39 UTC

(In reply to Martin Väth from comment #2)
> eix-sync is meant to be called from root and tries to drop permissions.
> If you do not want this, export EIX_USER= EIX_GROUP= EIX_UID=-1 EIX_GID=-1
> 

FYI, I tried exporting those variables, and it made no difference when running eix-sync; I still get the "warning: failed to drop permissions" message several times.

(In reply to Mike Gilbert from comment #7)
> FYI, I tried exporting those variables, and it made no difference when
> running eix-sync

This is strange. Does directly calling

EIX_USER= EIX_GROUP= EIX_UID=-1 EIX_GID=-1 eix-drop-permissions /bin/bash
EIX_USER= EIX_GROUP= EIX_UID=-1 EIX_GID=-1 eix-update --print PORTDIR

have the same problem?
Does the git version work (ebuild available from the mv overlay)?

Comment 9 Mike Gilbert 2014-03-01 03:18:00 UTC

(In reply to Martin Väth from comment #8)
> (In reply to Mike Gilbert from comment #7)
> > FYI, I tried exporting those variables, and it made no difference when
> > running eix-sync
> 
> This is strange. Does directly calling
> 
> EIX_USER= EIX_GROUP= EIX_UID=-1 EIX_GID=-1 eix-drop-permissions /bin/bash
> EIX_USER= EIX_GROUP= EIX_UID=-1 EIX_GID=-1 eix-update --print PORTDIR
> 
> have the same problem?

Yes.

> Does the git version work (ebuild available from the mv overlay)?

The git version works fine -- I see no warnings, even without the envvars being set.

Comment 10 Sergey Popov 2014-04-28 13:54:30 UTC

Happens to me too in ~amd64-linux prefix:

prefix@phantom ~ $ id
uid=1000(prefix) gid=100(users) groups=100(users)

This thing works:
export EIX_USER= EIX_GROUP= EIX_UID=1000 EIX_GID=100

Setting -1 for EIX_UID and EIX_GID does not work.
Did not check git version, though...

Closing since eix-0.30.2 with the fix is in the tree