On my local box $DISTDIR is owned by my USER:GROUP As a normal user I wish to be able to fetch files, (not install them) but portage still demands me to be root to download (ie "emerge -f pkgs") I view this as a security risk as fetching files as a root is going to open a root owned socket and who knows when wget or other will become exploitable again. It's my belief that portage only needs to check for +w under the current context to be able to fetch files to the $DISTDIR. # this works as a narmal user but is undesirable. fakeroot emerge -f pkgs I would provide a patch for this but coding in python is not really one of my stronger points.
At the very least, can userpriv always download as portage? AFAICT, all that would need done besides changing users to run wget is checking and fixing the $DISTDIR permissions like ${DISTDIR}/cvs-src already does. (I'm thinking it might be a nice roadblock for script kiddies to prevent root from accessing the Internet at all. Even if I can't block rsync, I need to kill {HT,F}TP.)
Err, this is a dupe, but meanwhile emerge -f no longer requires root privs as of pre15.
