The distfiles, pobj, plist and packages dirs are the only bits of ports that will be modified.
Just make all of the tree read only, and make the above directories writable by your group, then you don’t need to overwrite any of the ports vars ( WRKOBJDIR…. etc.. )
My general process looks something like this:
cd /usr
tar -zxvf ~/ports.tar.gz
find /usr/ports -type f \! -perm 0755 -exec chmod 644 {} \;
mkdir /usr/ports/{distfiles,pobj,plist,packages}
chgrp -R wsrc ports
chmod g+rwx /usr/ports/{distfiles,pobj,plist,packages}
Combine that with your sudo line, and you have functional read-only ports with restrictive sudo ( but for wsrc :P ) that works with devel/autoconf/2.59.
Also, if you are worried about people doing bad things with sudo, enable aggressive logging.
The distfiles, pobj, plist and packages dirs are the only bits of ports that will be modified.
Just make all of the tree read only, and make the above directories writable by your group, then you don’t need to overwrite any of the ports vars ( WRKOBJDIR…. etc.. )
My general process looks something like this:
Combine that with your sudo line, and you have functional read-only ports with restrictive sudo ( but for wsrc :P ) that works with devel/autoconf/2.59.
Also, if you are worried about people doing bad things with sudo, enable aggressive logging.