On 01/01/2014 06:25 PM, Eliezer Croitoru wrote: > Hey John, > > Thanks! > > On 02/01/14 02:14, John R Pierce wrote: >> Its the principle of least privilege. >> >> You don't need to be root to compile software, or to test software in a >> local directory, you only need root privileges to install it to a system >> directory. When you're developing, building, testing software, there's >> a very good chance of something going wrong, so if you are running as a >> non-root user, the potential damages are minimized. > OK so as long as I can understand the meaning of compiling as non-root > user is to be careful with your system. > > I would say that my conclusion is that if there is a very big system it > is better to let the root user which understand the meaning of this > system and to operate it. > > A simple testing machine which has error correction mechanism in it > should be OK. > > I can see couple issues from my mind and vision but it seems like most > software in CentOS will be safe to be compiled as root user.(I am > testing a tiny simple piece of software) > > To corrupt a system in a level which it cannot be recognized that you > have changed it you must be something like GOD or something in the same > level. Things like, if the RPM does not properly config the target during the build, instead of installing into $RPM_BUILDROOT and trying to package up the RPM, it might install it to /usr/lib/ accidentally, etc. Some software is written poorly. If we are talking CentOS / Red Hat / Fedora type packages then most of the time nowadays those SRPMs should be built inside of mock anyway to get a clean buildroot.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
