I normally run eix-sync as a normal user (not root) with membership in the portage group. With the latest version of eix, this produces the following warnings: % eix-sync warning: failed to drop permissions warning: failed to drop permissions warning: failed to drop permissions warning: failed to drop permissions warning: failed to drop permissions warning: failed to drop permissions warning: failed to drop permissions warning: failed to drop permissions warning: failed to drop permissions warning: failed to drop permissions * Running !-hooks
Created attachment 369240 [details] eix-sync.conf
eix-sync is meant to be called from root and tries to drop permissions. If you do not want this, export EIX_USER= EIX_GROUP= EIX_UID=-1 EIX_GID=-1 In your case you can safely ignore the warnings - they just inform you that possibly wrong permissions are used for certain tasks because some set{uid,gid,euid,egid} call failed. In current eix git master on github and berlios (>=eix-0.30.2), I added an extension so that you can configure when the warnings are shown and whether they are fatal (and also some other cases are suppressed e.g. if setuid(user) with permissions of user failed). I think that I will make the defaults such that the warning will be shown only when you are root, and that it is not fatal if this occurs.
(In reply to Martin Väth from comment #2) > I think that I will make the defaults such that the warning will be shown > only when you are root, and that it is not fatal if this occurs. That sounds reasonable. Thanks.
Very similar warnings displaing after 'eix-remote -h' command: $ eix-remote -h warning: failed to drop permissions warning: failed to drop permissions warning: failed to drop permissions warning: failed to drop permissions warning: failed to drop permissions warning: failed to drop permissions Usage: eix-remote [options] command [...skip help...] $ eix --version 0.30.1
(In reply to Martin Väth from comment #2) > eix-sync is meant to be called from root and tries to drop permissions. That's not the case in Gentoo Prefix. Most prefix users will run eix using unprivileged user.
(In reply to yegle from comment #5) > That's not the case in Gentoo Prefix. Most prefix users will run eix using > unprivileged user. I know, but I am hesitating to set unsecure defaults if EPREFIX is set. >> If you do not want this, export EIX_USER= EIX_GROUP= EIX_UID=-1 EIX_GID=-1 Prefix users can set this if they are sure that they do not want the feature that it is attempted to drop permissions. Anyway, there will be less warnings in next eix.
(In reply to Martin Väth from comment #2) > eix-sync is meant to be called from root and tries to drop permissions. > If you do not want this, export EIX_USER= EIX_GROUP= EIX_UID=-1 EIX_GID=-1 > FYI, I tried exporting those variables, and it made no difference when running eix-sync; I still get the "warning: failed to drop permissions" message several times.
(In reply to Mike Gilbert from comment #7) > FYI, I tried exporting those variables, and it made no difference when > running eix-sync This is strange. Does directly calling EIX_USER= EIX_GROUP= EIX_UID=-1 EIX_GID=-1 eix-drop-permissions /bin/bash EIX_USER= EIX_GROUP= EIX_UID=-1 EIX_GID=-1 eix-update --print PORTDIR have the same problem? Does the git version work (ebuild available from the mv overlay)?
(In reply to Martin Väth from comment #8) > (In reply to Mike Gilbert from comment #7) > > FYI, I tried exporting those variables, and it made no difference when > > running eix-sync > > This is strange. Does directly calling > > EIX_USER= EIX_GROUP= EIX_UID=-1 EIX_GID=-1 eix-drop-permissions /bin/bash > EIX_USER= EIX_GROUP= EIX_UID=-1 EIX_GID=-1 eix-update --print PORTDIR > > have the same problem? Yes. > Does the git version work (ebuild available from the mv overlay)? The git version works fine -- I see no warnings, even without the envvars being set.
Happens to me too in ~amd64-linux prefix: prefix@phantom ~ $ id uid=1000(prefix) gid=100(users) groups=100(users) This thing works: export EIX_USER= EIX_GROUP= EIX_UID=1000 EIX_GID=100 Setting -1 for EIX_UID and EIX_GID does not work. Did not check git version, though...
Closing since eix-0.30.2 with the fix is in the tree