svn commit: r40974 - head/en_US.ISO8859-1/articles/portbuild
Mark Linimon
linimon at FreeBSD.org
Fri Feb 15 14:53:39 UTC 2013
Author: linimon
Date: Fri Feb 15 14:53:38 2013
New Revision: 40974
URL: http://svnweb.freebsd.org/changeset/doc/40974
Log:
Move the privsep section up to the top of the document. No textaul change.
Modified:
head/en_US.ISO8859-1/articles/portbuild/article.xml
Modified: head/en_US.ISO8859-1/articles/portbuild/article.xml
==============================================================================
--- head/en_US.ISO8859-1/articles/portbuild/article.xml Fri Feb 15 14:49:56 2013 (r40973)
+++ head/en_US.ISO8859-1/articles/portbuild/article.xml Fri Feb 15 14:53:38 2013 (r40974)
@@ -158,6 +158,51 @@
found in CVS</ulink>.</para>
</note>
</sect2>
+
+ <sect2 id="pointyhat-privsep">
+ <title>Notes on privilege separation</title>
+
+ <para>As of January 2013, a rewrite is in progress to further separate
+ privileges. The following concepts are introduced:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Server-side user <username>portbuild</username> assumes all
+ responsiblity for operations involving builds and communicating
+ with the clients. This user no longer has access to
+ <application>sudo</application>.</para>
+ </listitem>
+
+ <listitem>
+ <para>Server-side user <username>srcbuild</username> is created
+ and given responsiblity for operations involving both VCS
+ operations and anything involving src builds for the clients.
+ This user does not have access to
+ <application>sudo</application>.</para>
+ </listitem>
+
+ <listitem>
+ <para>The server-side
+ <literal>ports-</literal><replaceable>arch</replaceable>
+ users go away.</para>
+ </listitem>
+
+ <listitem>
+ <para>None of the above server-side users have
+ <application>ssh</application> keys. Individual
+ <literal>portmgr</literal> will accomplish all those
+ tasks using <application>ksu</application>. (This is
+ still work-in-progress.)</para>
+ </listitem>
+
+ <listitem>
+ <para>The only client-side user is also named
+ <username>portbuild</username> and still has access to
+ <application>sudo</application> for the purpose of managing
+ jails.</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
</sect1>
<sect1 id="management">
@@ -2428,51 +2473,6 @@ zfs destroy -r a/snap/src-<replaceable>o
<para>Please talk to Mark Linimon before making any changes
to this section.</para>
- <sect2 id="pointyhat-privsep">
- <title>Notes on privilege separation</title>
-
- <para>As of January 2013, a rewrite is in progress to further separate
- privileges. The following concepts are introduced:</para>
-
- <itemizedlist>
- <listitem>
- <para>Server-side user <username>portbuild</username> assumes all
- responsiblity for operations involving builds and communicating
- with the clients. This user no longer has access to
- <application>sudo</application>.</para>
- </listitem>
-
- <listitem>
- <para>Server-side user <username>srcbuild</username> is created
- and given responsiblity for operations involving both VCS
- operations and anything involving src builds for the clients.
- This user does not have access to
- <application>sudo</application>.</para>
- </listitem>
-
- <listitem>
- <para>The server-side
- <literal>ports-</literal><replaceable>arch</replaceable>
- users go away.</para>
- </listitem>
-
- <listitem>
- <para>None of the above server-side users have
- <application>ssh</application> keys. Individual
- <literal>portmgr</literal> will accomplish all those
- tasks using <application>ksu</application>. (This is
- still work-in-progress.)</para>
- </listitem>
-
- <listitem>
- <para>The only client-side user is also named
- <username>portbuild</username> and still has access to
- <application>sudo</application> for the purpose of managing
- jails.</para>
- </listitem>
- </itemizedlist>
- </sect2>
-
<sect2 id="pointyhat-basics">
<title>Basic installation</title>
More information about the svn-doc-all
mailing list