variant symlinks (was Re: Anybody working on removing sendmail from base?)

Mike Porter mupi at
Thu Oct 2 01:31:28 PDT 2003

Hash: SHA1

On Wednesday 01 October 2003 08:57 pm, Chris Pressey wrote:
> On Wed, 1 Oct 2003 17:47:44 -0600

> What if I have users that I don't want to run gcc at all?  Granted,
> today I would set up groups and make gcc group-executable only - but
> this VFS-viewfs way seems much more elegant, because they wouldn't even
> have to know gcc exists.

I wasn't considering this.  however, for those users, even under VFS, all they 
have to do is 'install' the port (however we define install) and they get it 
back.  It really isn't any different using symlinks, except...if you have 
already installed all the versions, you can use gids to prevent execution of 
all installed versions.  VFS could (it seems) simply create a local copy of 
gcc, in the user's home directory, if necessary, bypassing any restrictions 
(OK, I guess if the user is putting gcc in their home directory anyway, it is 
a moot point, they would be able to do THAT regardless of vfs or symlinks.

> > To me, the idea of a program being unavailable
> > means that no matter what I do as the user, I will never see/know that
> > the program is installed.  This to me is overkill.
> It IS overkill, for package management.  But it's not just for package
> management, right?  Done correctly, it could unify a number of disparate
> mechanisms currently in place.  chroot, for one.

That's why ultimately doing both is a good idea.  VFS certainly has its place, 
and will work well for a lot things.  variant symlinks will do a lot of the 
same things (not all) and should be easier to put in, heck, even I might be 
able to do it, if I can ever find time (although with my skills, I would 
almost certainly break something first <(}: ).  As matt said, it will address 
maybe 85% of the cases for VFS, and be easier to put in, should cost less (in 
terms of performance), and otherwise just seems a good idea.  The other 15% 
still makes VFS worth having, for those who need it, but since varsyms will 
make things much better, without (in theory) making things any worse than 
currently for those other cases (if it does make things worse, perhaps 
something needs to be addressed, I just don't see how it makes things any 
worse than the current situation, for people you don't want to run gcc?  Just 
break the chain, or create a /usr/local/gcc/9.9 directory, so the code for 
'latest' will always find that directory, and most of your probelm will go 
away.  Those smart enough to find it, will likely be smart enough to install 
it from ports anyway.


Well, it's way past my bedtime (could you tell? <(}: )

Version: GnuPG v1.2.1 (FreeBSD)


More information about the Kernel mailing list