| Summary: | FEATURES="usersync" invokes git as root | ||
|---|---|---|---|
| Product: | Portage Development | Reporter: | Sam James <sam> |
| Component: | Core | Assignee: | Portage team <dev-portage> |
| Status: | CONFIRMED --- | ||
| Severity: | normal | CC: | correabuscar+gentoo_bugs, d, flow, gentoo |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=838223 https://bugs.gentoo.org/show_bug.cgi?id=701184 |
||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Sam James
2022-10-16 18:27:53 UTC
Isn't 'userfetch' the one that is supposed to make git run as non-root?
From man make.conf:
userfetch
When portage is run as root, drop privileges to portage:portage during the fetching of package sources.
userpriv
Allow portage to drop root privileges and compile packages as portage:portage without a sandbox (unless usersandbox is also used).
usersandbox
Enable the sandbox in the compile phase, when running without root privs (userpriv).
usersync
Drop privileges to the owner of ${repository_location} for emerge(1) --sync operations. Note that this feature assumes that all subdi‐
rectories of ${repository_location} have the same ownership as ${repository_location} itself. It is the user's responsibility to ensure
correct ownership, since otherwise Portage would have to waste time validating ownership for each and every sync operation.
(In reply to Emanuel Czirai from comment #1) I actually think we are talking about "usersync" here, not "userfetch" or "userpriv". flow, could I tempt you into looking at this? |