Non Root Build Environment

It’s generally considered good practice to compile things as a non-root user. If you’ve unpacked the source in your home directory, this is easy to do – all of the sources will be owned by you. However, if you have co-administrators, or you don’t want to put “system” source packages in your home directory, then you can still compile things as a non-root user. It just takes a little planning and set-up.

We shall assume that you are going to do all of your package compiling in the /usr/local/src directory. Some people use /usr/src for this purpose instead (or even as well).

Note that after doing this, you will still have to become root to install the packages that you build, but at least you can build them as non-root.

Create a group

The first thing to set up a group for users who are allowed to build things in /usr/local/src. Often, the src group is used for this, and will already exist on your system. If you don’t have a src group, or you want to use a different group name, then create one. There are at least two different sets of tools to do this in common use:

  • For Debian systems:
 1. addgroup src
  • For Red Hat systems:
 1. groupadd src

Set up users

The next thing to do is add the relevant users to the src group. For systems using addgroup/adduser, the tools make it easy for you. For systems using groupadd/useradd, it’s a bit trickier with the command-line tools.

  • For Debian systems:
 1. addgroup me src
  • For Red Hat systems, you have to get a complete list of the groups that the user is in, and reproduce that list with the src group in it:

 1. groups me me : me audio  1. usermod -G me,audio,src me

A single command-line which will do this is:

 1. usermod -G $(groups me | sed -e 's/^.* : //' -e 's/ /,/g') me

Alternatively, on both systems you should be able to use the vigr tool to edit the /etc/group file directly in safety. For example:

 1. EDITOR=jed vigr

Then find the line starting src:, and add the list of users to the end of it, comma-separated, with no spaces:


Set directory flags

Now that you have a group set up, with users in that group, you can set up the directory containing your sources so that everything is modifiable by the group. The most important bit of this is setting the SGID bit on all the directories, which ensures that any files created under that directory tree are automatically owned by the right group:

 1. chmod -R g+rwXs /usr/local/src

Also change the group ownership of any files in there already:

 1. chgrp -R src /usr/local/src

Using it properly

If all is correctly set up, you should be able to build a complete source tree (including a kernel) under the /usr/local/src tree. To ensure that it keeps the right permissions (so that other people in the src group can use the same source trees), you should make sure that your umask is set to 007 or 002 before you do anything in the src directory:

$ umask 007 (or 002)

A umask of 002 can be set automatically for all users in /etc/profile, or individually for each user in ~/.profile. See LinuxHints/BashStartup for how bash reads its initialisation files.

Note that on many systems (Debian, certainly) a umask is already defined in /etc/profile.

Fixing things when they go wrong

Sometimes, someone forgets to set their umask before using the src directory. This will generally prevent others from using the directory as intended. To fix this, just change the group permissions for all files back to group writable:

 1. chmod -R g+rwX /usr/local/src

Leave a Reply