Chris F.A. Johnson <cfajohnson@gmail.com> wrote:
> On 2006-08-01, chuckcar wrote:

>> Try compiling a package sometime *without* root authority
>
> Never compile as root.
>
>> - won't happen
>
> Of course it will; that is what you should do.
>
> You only need to be root to install the package.

I say this with some trepidation, because it could be seen as a slam
against our Scarlet Chapeau-wearing friends (and I do not so intend,
nor do I engage in distro-bashing generally): There seems to be a
very common misconception among (many) users of RPM-based distributions,
and particularly of Red Hat [Enterprise] Linux, that one cannot build
packages unless one is wielding root-user authority.

I believe this is because doing compiles inside /usr/src/redhat (with
root authority) _was_ in fact the standard means at the time that RH
started becoming popular -- and remains very much the path of least
resistance. So, I hear that from people all the time.

I'm every bit as guilty of this as most people: It's a bit of a pain in
the neck to set up the build-dir and dotfile contents necessary to
_avoid_ the need for root access -- and I'm actually typing this on an
RHEL laptop where I, too, haven't bothered. (I did, then somehow lost
the dotfile stuff, and hadn't redone it yet -- but hadn't needed to
build RPMs recently, so I have an excuse.)

Anyhow, pro bono publico, I've just put a link up to a nice _short_
piece on the subject in the RedHat page of my knowledgebase
(http://linuxmafia.com/kb/RedHat/ ).

ibuprofin@painkiller.example.tld (Moe Trin) wrote in
news:slrnecvcql.gqe.ibuprofin@compton.phx.az.us:

> On 1 Aug 2006, in the Usenet newsgroup comp.os.linux.setup, in article
> <Xns9811D4BAD6E2Echuckcar@85.227.11.7>, chuckcar wrote:
>
>>Rick Moen <rick@linuxmafia.com> wrote
>
>>> You'll find the unpacked contents under /tmp, whatever they
>>> are. Follow the instructions you'll probably find in a
>>> README.TXT file, or such. You are strongly advised to be
>>> extremely careful about what code you're willing to run --
>>> doubly so if the instructions call upon you to do anything
>>> with root-user authority.
>
>>Try compiling a package sometime *without* root authority - won't
>>happen
>
> I wonder if you are having problems given that English is not your
> primary language. Otherwise, please identify such packages that won't
> _COMPILE_ as an ordinary user. There is a difference in the meaning
> of the words _compile_ and _install_
>
> Just for your understanding:
>
> [compton ~]$ grep builder /etc/passwd
> builder:x:65523:65523:Software Building
> account:/usr/local/src:/bin/bash [compton ~]$ grep builder /etc/group
> builder:*:65523:builder
>
> Those are not distribution or UNIX standard accounts. They are on our
> systems because a software auditor from corporate recommended them.
> Neither user or group accounts own ANY other files/directories. The
> user has permissions of 'others' which is to say they can write to
> /tmp/ and /usr/tmp (other than their home directory) and that is all.
>
> Tarballs are unpacked in /usr/local/src/ then audited and built there.
> If the software does not _require_ root permission to _run_ (for
> example, it's not opening a network socket), then the software is test
> run from the source directory by the 'builder' user, so that if
> something goes horribly wrong, 'builder' is the only user effected.
> Only when things are correct is root needed to _install_ the software
> so that regular users can then run it.
>
> We've been using this method WITHOUT PROBLEMS for over twenty years -
> yes, that predates Linux.
>
>>- are you making this up as you go?
>
> I have to ask YOU that question.
>
> Old guy

The name of this group is comp.os.LINUX.setup - any other *nix's are
irrelevant and OT.

--
(setq (chuck nil) car(chuck) )

Rick Moen <rick@linuxmafia.com> wrote in
news:46b6d$44cfe71e$c690c3ba$28835@TSOFT.COM:

> chuckcar <chuck@nil.car> wrote:
>> Rick Moen <rick@linuxmafia.com> wrote in
>> news:4f88$44ce8e32$c690c3ba$4383@TSOFT.COM:
>>
>>> Step 3. If you're _very sure_ your distribution does not offer a
>>> packaged version of that software, then
>>> a) if it's "something.tar.gz", then open a shell and do:
>>> $ cp something.tar.gz /tmp
>>> $ cd /tmp
>>> $ tar xvzf something.tar.gz
>>> b) if it's "something.gz", then open a shell and do:
>>> $ cp something.gz /tmp
>>> $ cd /tmp
>>> $ gunzip something.gz
>>> You'll find the unpacked contents under /tmp, whatever they
>>> are. Follow the instructions you'll probably find in a
>>> README.TXT file, or such. You are strongly advised to be
>>> extremely careful about what code you're willing to run --
>>> doubly so if the instructions call upon you to do anything
>>> with root-user authority.
>>>
>>>
>>>
>> Try compiling a package sometime *without* root authority - won't
>> happen - are you making this up as you go?
>
> I think you're more than a little confused: I was describing the
> general method for compiling (upstream) tarballs, not packages.
>
>
> Since you raise the subject, however, there _are_ in fact standard
> methods for compiling packages for various distributions without root
> authority. On Debian & similar, you use the "fakeroot" package
> (http://packages.debian.org/stable/utils/fakeroot). On RPM-based
> systems, you must create appropriate files ~/.rpmmacros and ~/.rpmrc
> plus a basedir to use instead of /usr/src/redhat. Details here:
> http://www.techonthenet.com/linux/build_rpm.php
>
> In any event, you seem to have gone to great lengths to ignore and
> sail at top speed past my main point, which was that the original
> poster should _always_ stop and think twice before going outside
> his/her distro's packaging regime, think three times before just
> grabbing some code off the Net and running it, and four times before
> doing so as the root user.
>
> It's vital that we keep that meme alive with newcomers, I hope you'll
> agree. (It's true whether you agree or not, however. ;-> )
>

If the OP had reason to be worried about some software he got in some
manner - software *with* the *source* *code* would be necessarily *way*
down the list in any case.

--
(setq (chuck nil) car(chuck) )

chuckcar <chuck@nil.car> wrote (responding to Moe Trin):

> The name of this group is comp.os.LINUX.setup - any other *nix's are
> irrelevant and OT.

You're either trolling, or trying desparately to dredge up excuses for you
missepts, or a bit slow: Moe Trin's example was intended to illustrate
the general principle of how and why to build software without root
authority. That principle can be, and is, implemented with packaging
systems on Linux. I'd say that any packaging regime that _absolutely_
requires root authority just to compile and assemble a package is broken
-- and know of no examples of same.

Not even RPM. ;->

Rick Moen <rick@linuxmafia.com> wrote in
news:1fae1$44cffd05$c690c3ba$4489@TSOFT.COM:

> chuckcar <chuck@nil.car> wrote (responding to Moe Trin):
>
>> The name of this group is comp.os.LINUX.setup - any other *nix's are
>> irrelevant and OT.
>
> You're either trolling, or trying desparately to dredge up excuses for
> you missepts, or a bit slow: Moe Trin's example was intended to
> illustrate the general principle of how and why to build software
> without root authority. That principle can be, and is, implemented
> with packaging systems on Linux. I'd say that any packaging regime
> that _absolutely_ requires root authority just to compile and assemble
> a package is broken -- and know of no examples of same.
>
> Not even RPM. ;->
>
>

No, I'm not trolling, or any of the other disparaging - and unwarrented
comments on my character considering the use I've been in these three
groups, but the OP was warned - I believe in unwarranted circumstances
about the dangers of spyware/malware et al when the source code was
provided - something I can't see happening at all. Hence I was terse
with the respondent - perhaps a bit too much, but considering the
paranoia being transferred I think it was warranted.

--
(setq (chuck nil) car(chuck) )

On Tue, 01 Aug 2006, in the Usenet newsgroup comp.os.linux.setup, in article
<1fae1$44cffd05$c690c3ba$4489@TSOFT.COM>, Rick Moen wrote:

> chuckcar <chuck@nil.car> wrote (responding to Moe Trin):
>
>> The name of this group is comp.os.LINUX.setup - any other *nix's are
>> irrelevant and OT.

Would it make you feel it's more on topic if I had written

We've been using this method in Linux WITHOUT PROBLEMS for over 13 years

which is also true. Perhaps you can learn from *nix experience that goes
back a bit further. "Those who forget the past are doomed to re-invent it,
badly". In case you aren't aware, the "Linux is not UNIX" foil has been
beaten to death in UNIX newsgroups, and most people ignore it as being
totally useless.

>You're either trolling, or trying desparately to dredge up excuses for
>you missepts, or a bit slow:

I think it's more "to quick to respond", and then not recognize that the
answer missed the mark for some reason. The SUID scripts question was a
perfect example.

>Moe Trin's example was intended to illustrate the general principle of how
>and why to build software without root authority.

We had it forced upon us, and it was greeted with considerable resistance,
until a friend at a neighboring company got toasted with a source file
that someone had gotten to. They were down for about 5 hours till they
could get the backups restored, and he nearly discovered how easy it was
to make a career ending move. The word went around our place _real_
quick, and "there was enlightenment".

Old guy

chuckcar <chuck@nil.car> wrote:

> No, I'm not trolling, or any of the other disparaging - and unwarrented
> comments on my character considering the use I've been in these three
> groups....

Goodness! I'll be glad to stress, at this point that (to my knowledge)
we're all friends, here.

> but the OP was warned - I believe in unwarranted circumstances
> about the dangers of spyware/malware et al when the source code was
> provided - something I can't see happening at all. Hence I was terse
> with the respondent - perhaps a bit too much, but considering the
> paranoia being transferred I think it was warranted.

That's all very well -- but you're changing the subject from what I was
saying, which was that dismissing and labelling "off-topic" Moe Trin's
well-taken and general point about building software without root
authority, for no better reason than him saying his technique predates
Linux, is just a bit irrational.

chuckcar <chuck@nil.car> wrote:

> If the OP had reason to be worried about some software he got in some
> manner - software *with* the *source* *code* would be necessarily *way*
> down the list in any case.

Retaining little worries about a piece of untrustworthy software you've
fetched from somewhere, for no better reason than having its source
code, is a truly _excellent_ way to fool yourself and shoot yourself in
the foot. The reasons should be obvious. If not, go and security-audit
the source code of the next five desktop applications you use. (For
extra fun, make sure they have to parse data from public networks, and
go over those input-validation routines carefully!)

Rick Moen wrote:
> Chris F.A. Johnson <cfajohnson@gmail.com> wrote:
>> On 2006-08-01, chuckcar wrote:
>
>>> Try compiling a package sometime *without* root authority
>>
>> Never compile as root.
>>
>>> - won't happen
>>
>> Of course it will; that is what you should do.
>>
>> You only need to be root to install the package.
>
> I say this with some trepidation, because it could be seen as a slam
> against our Scarlet Chapeau-wearing friends (and I do not so intend,
> nor do I engage in distro-bashing generally): There seems to be a
> very common misconception among (many) users of RPM-based
> distributions, and particularly of Red Hat [Enterprise] Linux, that
> one cannot build packages unless one is wielding root-user authority.

Agreed. But there are some security reasons: for example, the behavior of
LD_LIBRARY_PATH is different for mere mortal users than it is for root, and
it can be worth building as root to make sure you haven't incorporated any
dependencies on that variable. It can also help prevent someone slipping a
fascinating library into a local directory, to be compiled by the builder
and published as an RPM, and cause people to go nuts figuring out where it
came from.


> I'm every bit as guilty of this as most people: It's a bit of a pain
> in the neck to set up the build-dir and dotfile contents necessary to
> _avoid_ the need for root access -- and I'm actually typing this on an
> RHEL laptop where I, too, haven't bothered. (I did, then somehow lost
> the dotfile stuff, and hadn't redone it yet -- but hadn't needed to
> build RPMs recently, so I have an excuse.)

Yeah, and sometimes it breaks the compilation wihen you do it in the more
sensible, local user way.

>
> Anyhow, pro bono publico, I've just put a link up to a nice _short_
> piece on the subject in the RedHat page of my knowledgebase
> (http://linuxmafia.com/kb/RedHat/ ).

Nico Kadel-Garcia <nkadel@comcast.net> wrote:
> Rick Moen wrote:

>> I say this with some trepidation, because it could be seen as a slam
>> against our Scarlet Chapeau-wearing friends (and I do not so intend,
>> nor do I engage in distro-bashing generally): There seems to be a
>> very common misconception among (many) users of RPM-based
>> distributions, and particularly of Red Hat [Enterprise] Linux, that
>> one cannot build packages unless one is wielding root-user authority.
>
> Agreed. But there are some security reasons: for example, the behavior of
> LD_LIBRARY_PATH is different for mere mortal users than it is for root, and
> it can be worth building as root to make sure you haven't incorporated any
> dependencies on that variable.

Obligatory mention: LD_LIBRARY_PATH is bad.
http://www.visi.com/~barr/ldpath.html

> It can also help prevent someone slipping a
> fascinating library into a local directory, to be compiled by the builder
> and published as an RPM, and cause people to go nuts figuring out where it
> came from.

You know, if I have to worry about people slipping in a file into a 0700
build directory tree owned by me alone, I've got bigger problems than
the security of my build system. ;->