View previous topic :: View next topic |
Author |
Message |
Slippery Jim Apprentice
Joined: 08 Jan 2005 Posts: 264
|
Posted: Mon Dec 17, 2012 3:51 am Post subject: running emerge as a normal user |
|
|
I'm emerging a bunch of stuff into a $ROOT for another system, and I'd like to be able to do it without being root myself, but emerge won't let me do it.
Code: |
james@Rainsong ~ $ emerge --config-root=software/config --root=$HOME/tmp -v system
emerge: superuser access is required
|
I have a target specific /etc/portage directory in software/config, and I own the $ROOT path.
How do I tell emerge to do it anyway? |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21431
|
Posted: Mon Dec 17, 2012 4:35 am Post subject: |
|
|
Even though you own that directory, running emerge as a regular user will cause problems. Files installed into that hierarchy will all be owned by you, rather than having the normal mix of root and non-root ownership. |
|
Back to top |
|
|
Slippery Jim Apprentice
Joined: 08 Jan 2005 Posts: 264
|
Posted: Mon Dec 17, 2012 5:17 am Post subject: |
|
|
I wonder if I can use -B to build binary packages, and then su to root to install them?
Just out of curiosity, are there many ebuilds that have files with varied ownership? |
|
Back to top |
|
|
DaggyStyle Watchman
Joined: 22 Mar 2006 Posts: 5909
|
Posted: Mon Dec 17, 2012 6:13 am Post subject: |
|
|
whats wrong with using sodu? _________________ Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
Back to top |
|
|
Slippery Jim Apprentice
Joined: 08 Jan 2005 Posts: 264
|
Posted: Mon Dec 17, 2012 6:36 am Post subject: |
|
|
I don't have root on the build system that I ultimately will have to do this on.
Incidentally, I tried building packages only, but I ran into a problem; I ran the following command, as a normal user and also as root on my home system:
Code: |
PKGDIR=/home/james/software/gentoo-subdir/pkg emerge -vB gawk
|
It failed as a normal user and succeeded as root. The failure message was:
Code: |
./usr/share/man/
./usr/share/man/man1/
./usr/share/man/man1/gawk.1.bz2
./usr/share/man/man1/awk.1.bz2
tar: ./usr/share/man/man1/pgawk.1.bz2: Cannot open: Too many levels of symbolic links
./usr/share/man/man1/igawk.1.bz2
tar: Exiting with failure status due to previous errors
* ERROR: sys-apps/gawk-4.0.1 failed (package phase):
|
I find this strange because the file Code: | ./usr/share/man/man1/awk.1.bz2 | is also a symlink, but it got tarred up just fine.
I have no idea what's going on here. |
|
Back to top |
|
|
DaggyStyle Watchman
Joined: 22 Mar 2006 Posts: 5909
|
Posted: Mon Dec 17, 2012 6:50 am Post subject: |
|
|
you don't need root, just ask the admin to update /etc/sudoers do you can run emerge. _________________ Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
Back to top |
|
|
Slippery Jim Apprentice
Joined: 08 Jan 2005 Posts: 264
|
Posted: Mon Dec 17, 2012 6:54 am Post subject: |
|
|
Wouldn't I be running emerge as root then? |
|
Back to top |
|
|
DaggyStyle Watchman
Joined: 22 Mar 2006 Posts: 5909
|
Posted: Mon Dec 17, 2012 7:28 am Post subject: |
|
|
Slippery Jim wrote: | Wouldn't I be running emerge as root then? |
yes, think of this like that, in order to run emerge you need to have write access to important sections of the os, the linux design is that only root will be able to write to there.
this begs the question, why do you want to be able to install programs a normal user? _________________ Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
Back to top |
|
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9601 Location: almost Mile High in the USA
|
Posted: Mon Dec 17, 2012 7:41 am Post subject: |
|
|
Unfortunately some packages do chmod some stuff to root before it saves it all into the archive, also some packages have special users and need special owners for certain directories...
Think the only thing that's sure fire is to get a VM for your account, maybe even something like User Mode Linux and do your emerges inside there. _________________ Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
Back to top |
|
|
Slippery Jim Apprentice
Joined: 08 Jan 2005 Posts: 264
|
Posted: Mon Dec 17, 2012 7:48 am Post subject: |
|
|
DaggyStyle wrote: |
why do you want to be able to install programs a normal user? |
I want to build an image for a different system than the machine I'll be building it on.
I can do anything I want in my own home directory, but the rest of the build system is hands-off.
So getting sudo access to emerge is probably unacceptable because I could do something like:
Code: | sudo emerge -C glibc |
and that would be problematic.
What Hu said above about owner permissions being wrong is probably something I could deal with, since I only see it being a problem for suid programs anyway.
EDIT: Cancel last: I can see other problems with wrong owners.
However, shouldn't it be fine when building a binpkg, since the correct owners and permissions can be set when it gets tarred up? |
|
Back to top |
|
|
DaggyStyle Watchman
Joined: 22 Mar 2006 Posts: 5909
|
Posted: Mon Dec 17, 2012 8:01 am Post subject: |
|
|
Slippery Jim wrote: | DaggyStyle wrote: |
why do you want to be able to install programs a normal user? |
I want to build an image for a different system than the machine I'll be building it on.
I can do anything I want in my own home directory, but the rest of the build system is hands-off.
So getting sudo access to emerge is probably unacceptable because I could do something like:
Code: | sudo emerge -C glibc |
and that would be problematic.
What Hu said above about owner permissions being wrong is probably something I could deal with, since I only see it being a problem for suid programs anyway.
EDIT: Cancel last: I can see other problems with wrong owners.
However, shouldn't it be fine when building a binpkg, since the correct owners and permissions can be set when it gets tarred up? |
why not use a cross compiler? see crossdev, http://dev.gentoo.org/~vapier/CROSS-COMPILE-HOWTO _________________ Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein
Last edited by DaggyStyle on Mon Dec 17, 2012 8:03 am; edited 1 time in total |
|
Back to top |
|
|
Slippery Jim Apprentice
Joined: 08 Jan 2005 Posts: 264
|
Posted: Mon Dec 17, 2012 8:02 am Post subject: |
|
|
Anybody know what's going on with that tar error mentioned above? |
|
Back to top |
|
|
Slippery Jim Apprentice
Joined: 08 Jan 2005 Posts: 264
|
Posted: Mon Dec 17, 2012 8:09 am Post subject: |
|
|
DaggyStyle wrote: |
why not use cross compiler? |
How would that help? |
|
Back to top |
|
|
The Doctor Moderator
Joined: 27 Jul 2010 Posts: 2678
|
Posted: Mon Dec 17, 2012 8:10 am Post subject: |
|
|
That begs the question why are you trying to administer a system without administrative privileges? If this is just a temporary arrangement, sudo access could be removed once your complete your work. If no one trusts you, then you may as well send the admin a list of packages to install.
Or you could be given access to a script via sudo that runs emerge, but only for instillations. Maybe something like this Code: | #!/bin/bash
echo "I am watching you!"
echo "user is emerging " + $1 >> logfile.txt
emerge -av $1 |
Where you do not own logfile.txt or the script. _________________ First things first, but not necessarily in that order.
Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box. |
|
Back to top |
|
|
DaggyStyle Watchman
Joined: 22 Mar 2006 Posts: 5909
|
Posted: Mon Dec 17, 2012 8:23 am Post subject: |
|
|
Slippery Jim wrote: | DaggyStyle wrote: |
why not use cross compiler? |
How would that help? |
ok, I see what can be the misunderstanding here, please define "different system".
is the system is same arch, use chroot to build an entire system, if the system is different arch, you'll need a crosscompiler + chroot. _________________ Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein |
|
Back to top |
|
|
Slippery Jim Apprentice
Joined: 08 Jan 2005 Posts: 264
|
Posted: Mon Dec 17, 2012 9:14 am Post subject: |
|
|
The Doctor wrote: | That begs the question why are you trying to administer a system without administrative privileges? If this is just a temporary arrangement, sudo access could be removed once your complete your work. If no one trusts you, then you may as well send the admin a list of packages to install.
Or you could be given access to a script via sudo that runs emerge, but only for instillations. Maybe something like this Code: | #!/bin/bash
echo "I am watching you!"
echo "user is emerging " + $1 >> logfile.txt
emerge -av $1 |
Where you do not own logfile.txt or the script. |
It's possible I could fat-finger a command and mess something up, but I was thinking more along the lines of a buggy ebuild breaking out of the sandbox and touching the live system. Don't know if that can still happen, but it's less likely if it's running without privileges.
The script idea is interesting. I hadn't thought of that. Thanks for the new idea!
I guess I'm not really administering a system so much as I'm imaging a system. I'm using the gentoo based build machine as a meta-dist, to put together something else, that is not necessarily a full-on gentoo system.
I was originally thinking I could mount the target's root partition over the network, and just emerge into it, but I see now, how the problem with setting file ownership is a showstopper. I think building binary packages is the way to go, since it takes care of the file ownership problem, and I can build them as a normal user. I can even do all this locally, without network mounts. Then, I can set up a standalone install node on the network, or even a USB install stick or something, to separate the installation process from the development machines. That way, the dev nodes are always protected.
Yeah, this might actually work, if we can figure out what's wrong with emerge and tar, as related to that symlink error cited above. Anyone have an idea? |
|
Back to top |
|
|
Genone Retired Dev
Joined: 14 Mar 2003 Posts: 9501 Location: beyond the rim
|
Posted: Mon Dec 17, 2012 10:41 am Post subject: |
|
|
Note that using $ROOT can still modify the live system, as build dependencies will go to /. So if you don't want to touch the live system do a real chroot install (still requires root permissions though). |
|
Back to top |
|
|
Slippery Jim Apprentice
Joined: 08 Jan 2005 Posts: 264
|
Posted: Mon Dec 17, 2012 5:25 pm Post subject: |
|
|
Genone wrote: | Note that using $ROOT can still modify the live system, as build dependencies will go to /. So if you don't want to touch the live system do a real chroot install (still requires root permissions though). |
Good point. I suppose, if I need a build dep that isn't already on the main system, the solution would be to install it in into a prefix in my home directory.
This brings back the issue of file ownership again...
Also, The tar symlink error seems to be related to one of the emerge FEATURES flags:
Code: |
FEATURES="fakeroot userpriv usersandbox usersync"
|
I'll update when I know more...
EDIT: seems to be a problem with the fakeroot utility. |
|
Back to top |
|
|
|