[arch-general] Why is it dangerous to run makepkg as root?

Dimitris Zervas dzervas at dzervas.gr
Sat May 17 08:49:49 EDT 2014

>The second idea is that this advice should prevent the script from 
>*accidentally* damage my system. But this could be prevented by using
>(which is disabled when calling makepkg with --asroot according  to the
>manpage) or chroot. And actually the proper advice in this case should
>be to 
>execute makepkg using a user dedicated for this, as for most arch users
>would be worse if their personal file get deleted as if the system
I agree.
A good idea is to automatically change to a much more restricted user, used just for building (no shells, logins, etc.).
Chroot is too much of a hassle with, most of times, no point. You'll have to deal with dependent libs etc. etc. etc.
A good option here could be to hardlink/copy the files of the dependencies inside the chroot temporary in order to do the job.
But still, I think it's too much. You should check the scripts on your own...

More information about the arch-general mailing list