making portage and related files to be owned by portage:portage allows for a further reduction of permissions, if desired.
this is a tracking bug, per previous convo with zmedico. mostly so neither of us forget to do it.
(In reply to comment #1)
> this is a tracking bug, per previous convo with zmedico. mostly so neither of
> us forget to do it.
Making things owned by portage means that processes that have dropped privileges will have the ability to modify files that they couldn't modify previously. It wouldn't necessarily cause problems, but it doesn't seem like an improvement either. So, how about some use cases for how you intend to use the new permissions that you propose?
Please provide the requested use-cases and re-open the bug so we can revisit this.
it seems like it'd make things worse -- it's one thing to give access to /usr/portage/ and another to give access to /usr/bin/emerge. i can't imagine any reason why you'd need/want that.
meh. I gave up on gentoo and all of its progeny a year ago.