On 2025/11/10 13:29, Walter Alejandro Iglesias wrote:
> On Mon, Nov 10, 2025 at 11:56:25AM +0000, Stuart Henderson wrote:
> > doas doesn't work very well with this, and "persist" intentionally does not 
> > pass 'upwards'.
> > 
> > on systems which are mainly setup for ports development I'll use "SUDO=sudo 
> > -E".
> > 
> > on those where I might just build something once in a while I'll allow my 
> > own user to run things as _pbuild/_pfetch without adding, and just deal 
> > with routing in the password a few times for installs.
> 
> In my case, for example, when compiling mplayer just now, I had to enter
> the password about two hundred times. :-)
> 
> > 
> > permit nopass keepenv sthen as _pfetch
> > permit nopass keepenv sthen as _pbuild
> 
> I've already tried this.  I'll try once more time using "sudo" as you
> recommend me.
> 
> > 
> > "leave the permissions as they are and work as root" even if you choose to 
> > ignore how dangerous this is (you should regard the system as potentially 
> > compromised if you do this, and I wouldn't like to assume that building in 
> > a guest VM would protect the hypervisor OS either),
> 
> Could you give me an example of what you mean by "dangerous", please?

You are running at least hundreds of thousands of lines of code, which
nobody is looking at all that carefully, as root.

Even just the average autoconf script is 20k lines.

> > some ports will not 
> > build (or not build correctly) if done as root.
> 
> I would also appreciate an example of this, if it's not too much
> trouble.

I don't remember.