pkgsrc for
unprivileged users
The traditional pkgsrc environment
- Build the packages as root.
- Install everything into /usr/pkg.
- Configuration files go to /etc.
- Some packages require additional system users.
The mixed environment
- The packages are built by an unprivileged user.
- The installation phase is done by calling su(1) just-in-time.
- Packages can still execute arbitrary code as root.
- Side blow: chroot(2) ;)
Most packages ...
- don't care whom their files belong to.
- can be installed by just copying files into ${LOCALBASE}.
- don't need to be built as root.
- don't need to be installed as root.
- run arbitrary code during the build process.
Using pkgsrc: bootstrapping
- Only one change to the »normal« build.
- $PKGSRCDIR/bootstrap/bootstrap --unprivileged
- Now everything happens in ${HOME}/pkg.
Using pkgsrc: building
- It's as simple as ever:
- cd $PKGSRCDIR/meta-pkgs/kde3
- ~/pkg/bin/bmake package clean
Does it really work?
- Yes, more than 5700 packages can already be built.
- It also works on platforms other than NetBSD.
- I've been using it for some months now.
Building /usr/pkg as unprivileged user
- Create a user pkgsrc.
- Extract pkgsrc.
- # install -d -o pkgsrc -g users /usr/pkg
- $ ./bootstrap/bootstrap --unprivileged --prefix=/usr/pkg
- Almost everything works (as above).
Things that don't work
- mail/qmail, security/sudo, etc.
- games that have highscore files, unless you are in the games group.
- packages that need additional system users.
- packages that need the set-uid bit.
- some packages still have the /var directory hard-coded.
- binary distributions (difficult)
See also
- http://wiki.NetBSD.se/index.php/Using_pkgsrc_as_unprivileged_user