What combination of USE flags work for you ? - Page 5

06-15-2009

#41 (permalink)

i92guboj

Linux Engineer

Join Date: Nov 2007

Location: Córdoba (Spain)

Posts: 1,495

Quote:

Originally Posted by saivin

Btw, why the make.conf is readable only by root? Whats so secretive about it? Infact, even 'sudo' didnot have permission, had to use 'su'.

There's nothing that a casual attacker with a shell account on our box could use to do any real harm into our system. At least, not directly. However, it's possible to see what support is there in -let's say- php, so you can plan a better attack against the web server. But by the time someone has a shell account I think that's the lesser of your problems.

Mine has 644 permissions, so it's world readable. Note that lots of programs that can be run as a regular user will need to read it (porthole and similar portage managers, for example, besides other userland tools like equery).

I don't remember if these permissions were there on the stage file, or if I set them manually, to be sincere. But there's no problem in setting them if they are not there.

06-15-2009	#42 (permalink)
saivin Linux User Join Date: Dec 2008 Location: Bengaluru, India Posts: 292	Ok, your explanation makes things little clearer. But I have doubt regarding different behaviour by 'sudo' and 'su'. Will open a new thread if google does not help __________________ A candle looses nothing by lighting other candles. - Khalil Zibran. Registered Linux User #490076

06-15-2009

#43 (permalink)

i92guboj

Linux Engineer

Join Date: Nov 2007

Location: Córdoba (Spain)

Posts: 1,495

Quote:

Originally Posted by saivin

Ok, your explanation makes things little clearer. But I have doubt regarding different behaviour by 'sudo' and 'su'. Will open a new thread if google does not help

I can't help with that. I know how to configure and use sudo at a basic level, but I never liked it and know very little about its inner working, and less about its difference with su.

06-15-2009	#44 (permalink)
Jonathan183 Linux Guru Join Date: Oct 2007 Posts: 2,410	I must confess I'm a bit of a sudo fan ... the reason - I have control over access by all users, by application ... my regular user accounts don't need root rights so they don't have them. My regular admin user only needs to be able to run emerge ... actually if I needed I could restrict this to Code: sudo emerge --sync sudo emerge -avuDN world if I wanted to ... it's not that I don't trust the admin - well maybe since it's me ... but the point is I don't need to run everything as root. The default sudo allow everything just enter a password does not give anything more than su - but using it properly gives fine control over access. ... I use conky and want to know latest sync so I give regular user ability to Code: sudo cat /var/log/emerge.log and thats it ... can pick everything I need for display but much better control than su seems to give I have adopted to approach of lock everything and just unlock what is needed rather than the allow everything ... sudo lets me do that btw I think by default /etc/make.conf is world readable ... check tarball (I'll check next time I boot Gentoo). Ed: for ls /etc/make.conf I get ... Code: -rw-r--r-- 1 root root 1121 Jun 7 22:29 /etc/make.conf

09-03-2009

#45 (permalink)

Jonathan183

Linux Guru

Join Date: Oct 2007

Posts: 2,410

Quote:

Originally Posted by gruven

I like to customize my builds as I see fit, and I have some in /etc/portage/package.use/files.

I also like to specify different directories for my distfiles, packages, etc... because I can switch between funtoo and portage easily as my mind sees fit (not just switch branches, but remove /usr/portage and download a new tarball and not lose anything.

I have been using Gentoo for quite a few years now, and I can handle the instability in funtoo, although it is actually quite stable.

curiosity got the better of me so I installed Funtoo to a spare partition using my existing Gentoo install. Actually running them on separate partitions at the moment ...

couldn't get emerge --sync to work until I compiled the kernel and booted into funtoo ... anyway I have it working for the moment

. Pinched a few entries from your previous post ... anyway at the moment running with ...

Code:

# These settings were set by the metro build script that automatically built this stage.
# Please consult /etc/make.conf.example for a more detailed example.

ACCEPT_KEYWORDS="~x86"
CHOST="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon-xp -pipe"

# info below originally from gentoo make.conf
#CFLAGS="-O2 -march=i686 -pipe"
#CXXFLAGS="-O2 -march=i686 -pipe"
#CHOST="i686-pc-linux-gnu"

### wanted flags
USE="alsa audio branding cairo cdr clamav dbus
dvd dvdr fam firefox flac gif gtk hal ieee1394 imlib jpeg 
mp3 mad nls ogg opengl pdf png qt4 qt3 raw svg ssl trash-plugin
spell spl symlink tiff truetype usb vorbis 
X xine"

### unwanted flags
USE="$USE -esd -gnome -msn -pcmcia -xinerama -yahoo -kde"

INPUT_DEVICES="evdev keyboard mouse"
VIDEO_CARDS="nvidia"
LINGUAS="en_GB"

GENTOO_MIRRORS="ftp://gentoo.virginmedia.com/sites/gentoo http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"

# added gtk for thunar plugins
# added dbus and trash-plugin for thunar

# configure features 25 Aug 09 added parallel-fetch userfetch
FEATURES="parallel-fetch userfetch"
# increase clean delay from default 5 seconds to 30 seconds
CLEAN_DELAY="30"
# resync show progress of bar for each file
PORTAGE_RSYNC_EXTRA_OPTS="--progress"

###############################################
##### info below for distcc only
# temp addition for distcc
#MAKEOPTS="-j2"
#add to FEATURES="distcc" for distcc compiles
###############################################

... not sure I'll be sticking with the 30 second countdown when running emerge --depclean I set though

10-11-2009	#46 (permalink)
ursusca Just Joined! Join Date: Dec 2008 Posts: 71	I found benefits to use a profile. The server and desktop profiles intended to provide an easy starting point for server or desktop installs. It have the USE flags preset that you need for a server or a desktop.

10-16-2009

#47 (permalink)

Jonathan183

Linux Guru

Join Date: Oct 2007

Posts: 2,410

Quote:

Originally Posted by ursusca

I found benefits to use a profile. The server and desktop profiles intended to provide an easy starting point for server or desktop installs. It have the USE flags preset that you need for a server or a desktop.

I started using the desktop profile quite recently, set using eselect after an update complained about USE flag settings and suggested setting the profile to desktop to cure the issue. I don't intend doing a re-install ... but if I do at some point in future and I remember I will try setup with defaults and setting profile to desktop just to see how I get on. Having tried that I will still probably set things to match one of my existing setups ... because there are some things I want to work and others I want to leave out - Gentoo have no way of knowing I use fluxbox or icewm rather than gnome or kde.

Have you tried the default make.conf USE settings, setting the profile to desktop and installing a full system? did it work first time and you could run a depclean and revdep-rebuild without changing USE flags?

10-17-2009	#48 (permalink)
MikeTbob Trusted Penguin Join Date: Apr 2006 Location: Panther City, Tx Posts: 4,100	I've always used a Desktop profile, then add or remove flags as I needed them. I don't hardly even bother with package use flags, I just pile them all into make.conf. __________________ I do not respond to private messages asking for help. Please keep it on the forums only.

4 Weeks Ago

#49 (permalink)

ursusca

Just Joined!

Join Date: Dec 2008

Posts: 71

Quote:

Originally Posted by Jonathan183

...Have you tried the default make.conf USE settings, setting the profile to desktop and installing a full system? did it work first time and you could run a depclean and revdep-rebuild without changing USE flags?

Hi,

Unfortunately it didn't .

Are you a Linux Guru who is willing to share your in-depth Linux knowledge? Try our new Article submission system.