On 2026/05/14 09:03, Janne Johansson wrote:
> If you start a ports build as root, it will drop privs to the _pfetch
> and _pbuild user for the respective steps, where the _pbuild user is
> disallowed to talk network if you use default pf rules.

That's not correct.

Ports in general is *not* setup to be started as root.


> Den ons 13 maj 2026 kl 17:20 skrev Lisper <lispy888@gmail.com>:
> >
> > Instructions to fetch and build a port as a regular user are documented in bsd.port.mk(5) but when trying to set PORTS_PRIVSEP as explained in the manpage, all went wrong. I must have missed something.
> >
> > The install process is reserved to privileged users or root, which is right, no problem.
> >
> > But a step-by-step recipe for fetching and building ports as unprivileged user would be welcome.

in mk.conf, set PORTS_PRIVSEP=Yes, set SUDO to your choice (on ports dev
boxes I normally use sudo -E), then either set permissions on the various dirs
yourself or run "make fix-permissions" in a port subdir as root.

The user that you start the build as will want 'nopasswd' access to run
things as _pbuild and _pfetch, for example like this in sudoers

username ALL = SETENV: ALL
username ALL = (_pbuild) NOPASSWD: ALL, (_pfetch) NOPASSWD: ALL