Reading around, it seems it's inadvisable to compile packages as root. However, this is something I've always done since I thought one needed to be root for the .txz to be dropped into /tmp. All my packages were therefore compiled as root.

Is this an issue? All my computers are single-user systems and I never have to make changes to any of the packages.

EDIT: I should clarify, when I say 'compiling packages', I mean Slackbuilds.

it is dangerous. You download something and run something as root and you will never recognize if your system was damaged. Additionally some tools may not work properly if started by root.

So if something is compiled as root it automatically runs as root?

no, the building itself executed as root and may contain anything...

Understood. What about sbopkg? Does not sbopkg compile as root [since it has to be run as root to work]?

It's more that the makefile/build is run as root, so any commands in the makefile, or the ./configure script etc. will be run as root and have no restrictions on what they can do. There's plenty of scope for either damage due to error (more likely) or maliciousness (less likely).

I build a lot of my own slackbuilds as non-root. I use a wrapper script around makepkg that does all the stuff that requires superuser, everything else is run by a non-privileged user. Some makefiles may need further modification to support this though, so it's not always straight forward.

Other approaches include using 'fakeroot' (which uses some LD_PRELOAD shenanigans that I'm not personally a fan of).

The common approach in slackware circles is to just run builds as 'root'. I guess the rationale is that the SBo guys have already determined that there will be no harm from running their slackbuilds.

2 members found this post helpful.

You can build all slackbuilds packages as non-root - but then it requires little more job to create package - due to files permission. Also people here build with fake-root. The only point one requires root privileges is to build Slackware package. But subject was discussed many times. With the same conclusion: it does not matter.

1 members found this post helpful.

I compile packages with my normal user account and install them in ~/.local

This precludes any possible damage to the system. The packages work for one user (me).

I have my .bash_login point to ~/.local

Ed

4 members found this post helpful.

http://slackbuilds.org/faq/#root

See #11.

5 members found this post helpful.

Thanks, good to know. I'll consider this solved.

It all depends if you trust the people who wrote and checked the build script. I don't trust myself, so I run the ones I have written or edited as didier using fakeroot. There are a very few cases where it's not technically possible or easy, then I try to be more careful and run them as root.

You can also use sandbox to compile as root and it should block most potentially malicious things from happening with a verbose warning or error.

You can also consider using git://urchlay.naptime.net/sbostuff.git. This repository contains several helper scripts for working with slacbkuilds. For example, the following command will download source tarball as specified in .info file, validate its md5sum and run slackbuild script:
If slackbuilds script performs some fishy activities you receive the warning. Say I add this line to slackbuild script:
I get this warning from sbrun:
It also blocks access to the network, for example 'wget linuxquestions.org' results in:

1 members found this post helpful.