/usr/src permissions

[jb82]

As /usr/src typically is owned by root, as in

drwxr-xr-x  27 root wheel   47B Jul 17 19:42 src

how do you compile the kernel? As root, or you fiddle with permissions? What's the recommended strategy?

 

[SirDice]

Why do you think you need to fiddle with permissions? /usr/src/ can be entirely read-only. Intermediate files are saved to /usr/obj/, or more specifically MAKEOBJDIRPREFIX.

     MAKEOBJDIRPREFIX  Defines the prefix for directory names in the tree of
                       built objects.  Defaults to /usr/obj if not defined.
                       This variable should only be set in the environment or
                       /etc/src-env.conf and not via /etc/make.conf or
                       /etc/src.conf or the command line.

build(7)

 

[jb82]

Why do you think you need to fiddle with permissions? /usr/src/ can be entirely read-only. Intermediate files are saved to /usr/obj/, or more specifically MAKEOBJDIRPREFIX.

Yeah, thanks, I see. But what about updating that via git, still would need to run it as root git -C /usr/src pull, or not?

 

[cracauer@]

My /usr/src and /usr/obj are owned by me. That way I can operate git on src and I can do buildworld and buildkernel as my user.

Git is complex software with a large attack surface. Generally you shouldn't run it as root. Probably OK for the FreeBSD trees but anyway.

 

[jb82]

My /usr/src and /usr/obj are owned by me. That way I can operate git on src and I can do buildworld and buildkernel as my user.

Git is complex software with a large attack surface. Generally you shouldn't run it as root. Probably OK for the FreeBSD trees but anyway.

Exactly. Typing something like doas git ... feels very uncomfortable.

 

[Cath O'Deray]

My /usr/src and /usr/obj are owned by me.

Yep,

% eza -dl /usr/doc /usr/obj /usr/ports /usr/src
drwxr-xr-x - grahamperrin  4 May 20:56 /usr/doc
drwsr-xr-x - grahamperrin  4 Jan 00:46 /usr/obj
drwxr-xr-x - grahamperrin 19 Jul 23:19 /usr/ports
drwxr-xr-x - grahamperrin 19 Jul 01:56 /usr/src
%

That way I can operate git on src and I can do buildworld and buildkernel as my user. …

I occasionally found it necessary to change ownership in two areas:

chown -vR grahamperrin /usr/obj/usr/src/amd64.amd64/sys/GENERIC-NODEBUG/usr/ports/ ; chown -vR grahamperrin /usr/obj/usr/src/amd64.amd64/sys/GENERIC/usr/ports/

I couldn't figure out what caused the unwanted ownership, it wasn't a big deal. (I no longer build from source, I'm not seeking an explanation.)