
Improve root & user separation #37

Open
alexheretic opened this issue May 10, 2020 · 4 comments

Comments

@alexheretic (Owner)

Can we improve what bits of aurto are root or user?

Currently we require both concepts, the systemd timers run as root, so some root-owned config makes sense for them.

@Noeljunior commented May 10, 2020

From what I understand, you only need real root access for:

  • pacsync aurto
  • running any app that modifies a path outside the user's home directory
    • like: /var/cache/pacman/aurto, /var/lib/aurbuild/x86_64

Am I right or did I miss something?

@alexheretic (Owner, Author)

aurutils uses root fairly freely iirc, particularly for chroot builds. Currently the aurto repo files are all root and the update timers are root. Since the timer runs as root it must have root owned config & scripts to be secure. So that's why it is as it is.

I'd like everything to be in the home dir, but I'm not sure how best to do that.

I already have some passwordless rules for wheel in 50_aurto_passwordless. So we could put everything in home and add all the root commands here... But really I'd rather not have these either as they're potential security holes.

Maybe we can configure aurutils to not need root, use a home dir chroot directory etc?
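Added example, not aurto's own code: a small audit of the property described above, that a timer running as root must only read root-owned, non-user-writable config and scripts. It checks each file, every parent directory (a user-writable parent lets the file be swapped) and any symlink target. `AUDIT_PATHS` holds paths mentioned in the thread; `/etc/sudoers.d/50_aurto_passwordless` is an assumed location for the sudoers rule.

```python
import os
import stat

# Paths from the thread; the sudoers path is an assumption (constructed list).
AUDIT_PATHS = [
    "/etc/sudoers.d/50_aurto_passwordless",  # assumed path of the rule
    "/var/cache/pacman/aurto",
    "/var/lib/aurbuild/x86_64",
]


def audit_mode(path: str, uid: int, gid: int, mode: int) -> list[str]:
    """Findings for one inode given its owner, group and permission bits."""
    findings = []
    if uid != 0:
        findings.append(f"{path}: owned by uid {uid}, not root")
    if mode & stat.S_IWGRP and gid != 0:
        findings.append(f"{path}: writable by non-root group {gid}")
    if mode & stat.S_IWOTH:
        findings.append(f"{path}: world-writable")
    return findings


def audit_path(path: str) -> list[str]:
    """Audit a path, every ancestor directory and any symlink target."""
    path = os.path.abspath(path)
    if not os.path.lexists(path):
        return [f"{path}: missing"]
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        # Link permission bits are meaningless; what matters is who can
        # re-point the link (its parents) and what root reads (the target).
        findings = [f"{path}: symlink to {os.readlink(path)}"]
    else:
        findings = audit_mode(path, st.st_uid, st.st_gid, st.st_mode)
    # A user-writable parent lets the entry be renamed or replaced even
    # when the entry itself is root-owned and read-only.
    parent = os.path.dirname(path)
    while parent != os.path.dirname(parent):  # stop at "/"
        pst = os.stat(parent)
        findings += audit_mode(parent, pst.st_uid, pst.st_gid, pst.st_mode)
        parent = os.path.dirname(parent)
    target = os.path.realpath(path)
    if stat.S_ISLNK(st.st_mode) and target != path:
        findings += audit_path(target)
    return findings


if __name__ == "__main__":
    for p in AUDIT_PATHS:
        for finding in audit_path(p) or [f"{p}: ok"]:
            print(finding)
```

Run it as the user who owns the unit files; an empty result for a path means root can safely read or execute it, and any finding names the inode a non-root user could tamper with.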

@Noeljunior commented May 10, 2020

It's fairly easy to have timers or services run as non-root. You can use systemctl start [email protected] or loginctl enable-linger approaches.

A bigger problem is, afaik, aurutils needs sudo (and uses it freely) because in the end it uses devtools which also expects to use sudo.

So, I also would go for all in the user's home, but I don't see how that helps.

If I remember something else, I'll let you know.

@marcthe12

Well the problematic commands are arch-nspawn and makechrootpkg (uses arch-nspawn underneath anyway). So we need to talk to devtools devs to investigate whether user namespaces could work (the only method to get systemd-nspawn, which arch-nspawn is a wrapper for, to run unprivileged).
