this post was submitted on 24 Jun 2023
7 points (100.0% liked)

Arch Linux

7750 readers
2 users here now

The beloved lightweight distro

founded 4 years ago
MODERATORS
 

When using sudo yay it recommends not using sudo. It seems I had two different outcomes from using sudo and then from not using it. Having used it, what effect does this have?

you are viewing a single comment's thread
view the rest of the comments
[–] sorrybookbroke@sh.itjust.works 6 points 1 year ago* (last edited 1 year ago) (2 children)

What different effect did you see?

The main difference is in where the package gets built, as you are the root user not your own user, the cache will be in a strange place and some config files may be misplaced.

Also, running as root is dangerous as the aur uses random scripts made by strangers on the internet. (edit: as stated by OP, mkpackape refuses to run anyway) This can be very dangerous, even when not run as root. I've seen an ip logger next to a list of "people who can fuck themselves", fork bombs, and have heard of crypto miners being installed. All in large well used repos.

Cemu, nordvpn, certain browsers, and many more are not distributed by their owners

Giving these scripts that are often made by some random person root access is asking for damage. People could just put dd if=/dev/random of=/dev/sda inside it and boom, your drive is not only gone but you can't even recover your data

Edit: they are correct, yay will simply refuse to install an aur package using sudo, apologies for suggesting otherwise

[–] UnfortunateShort@lemmy.world 5 points 1 year ago

Look at the pkgbuilds and the sources used! That's the minimum of due diligence one should do when using the AUR.

[–] Admetus@sopuli.xyz 2 points 1 year ago

With sudo it appears the dependencies for pkgbuild are downloaded then deleted but qv2ray, the main target remains uninstalled (manual intervention required) and it states qv2ray - exit status 10.

However on the second time without sudo the package is finished and a second install prompt appears, and the installation is successful.

So it appears to be that running makepkg with sudo was not permitted anyway, and there was no result. Also the packages (the cache you refer to?) were deleted following this.

I'll remember from now on the AUR is riskier than pacman and I'm glad the package was installed in /home. 🤔