10-09-2012, 03:50 PM
Andreas Beckmann

packages that disagree on file/directory ownership/permissions

Hi,

there are several packages that don't "agree" on the
ownership/permissions of some files or directories. Usually one package
(e.g. foo-common) ships some files and/or directories while another
(e.g. foo-bar with Depends: foo-common) ships an overlapping directory
tree and has a postinst script that runs chown/chmod.

Possible problems that could arise out of this:
* foo-common and foo-bar have disagreeing chown/chmod commands in their postinst
* foo-common gets updated and permissions/ownership might get (partially) reset, breaking foo-bar or opening a security hole
* foo-common's maintainer scripts (run as root) have to be more careful when handling files/directories that are writable by less privileged users

What's the best way to handle these things properly?

IMO it would be best if some "common" package would do the initial
setup, create the user if needed and fix permissions and ownership,
while all other packages "sharing" this tree would depend on the
"common" package.

A few examples from piuparts --install-purge-install, which does:
  install dependencies($PKG)
  snapshot $CHROOT
  install $PKG
  purge $PKG
  verify snapshot

opennebula_3.4.1-3.1
0m29.4s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/one/.one/ (101, 0, d 40700, 40, None) != (101, 103, d 40700, 60, None)
0m30.0s ERROR: FAIL: After purging files have been modified:
/var/lib/one/.one/ owned by: opennebula
# looks like some dependency already does mkdir /var/lib/one && chown

cups-pdf_2.6.1-7
0m43.9s DEBUG: Modified(uid, gid, mode, size, target): /var/log/cups/ (0, 0, d 40755, 40, None) != (0, 102, d 40755, 40, None)
0m44.2s ERROR: FAIL: After purging files have been modified:
/var/log/cups/ owned by: cups-pdf, cups
# hmm, chgrp lpadmin but not chmod g+w - that looks useless

xymon_4.3.0~beta2.dfsg-9.1
0m26.7s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/hobbit/ (0, 0, d 40755, 60, None) != (101, 102, d 40755, 60, None)
0m27.1s ERROR: FAIL: After purging files have been modified:
/var/lib/hobbit/ owned by: xymon, xymon-client

solr-tomcat_3.6.0+dfsg-1
0m25.5s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/solr/data/ (0, 0, d 40755, 40, None) != (101, 102, d 40770, 40, None)
0m25.9s ERROR: FAIL: After purging files have been modified:
/var/lib/solr/data/ owned by: solr-common

snort_2.9.2.2-3
0m14.6s DEBUG: Modified(uid, gid, mode, size, target): /etc/snort/snort.conf (0, 0, - 100644, 26450, None) != (0, 103, - 100640, 26450, None)
0m14.9s ERROR: FAIL: After purging files have been modified:
/etc/snort/snort.conf owned by: snort-common

snmpd_5.4.3~dfsg-2.5
0m22.9s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/snmp/ (0, 0, d 40755, 40, None) != (101, 102, d 40755, 40, None)
0m23.3s ERROR: FAIL: After purging files have been modified:
/var/lib/snmp/ owned by: libsnmp15, libsnmp-base

quantum-server_2012.1-6
0m25.8s DEBUG: Modified(uid, gid, mode, size, target): /etc/quantum/plugins/ (0, 0, d 40755, 60, None) != (101, 102, d 40755, 60, None)
0m25.8s DEBUG: Modified(uid, gid, mode, size, target): /etc/quantum/ (0, 0, d 40755, 60, None) != (101, 102, d 40700, 60, None)
0m25.8s DEBUG: Modified(uid, gid, mode, size, target): /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini (0, 0, - 100644, 2191, None) != (101, 102, - 100644, 2191, None)
0m25.8s DEBUG: Modified(uid, gid, mode, size, target): /etc/quantum/plugins/openvswitch/ (0, 0, d 40755, 60, None) != (101, 102, d 40755, 60, None)
0m26.2s ERROR: FAIL: After purging files have been modified:
/etc/quantum/ owned by: quantum-server, quantum-plugin-openvswitch
/etc/quantum/plugins/ owned by: quantum-plugin-openvswitch
/etc/quantum/plugins/openvswitch/ owned by: quantum-plugin-openvswitch
/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini owned by: quantum-plugin-openvswitch

firebird2.5-classic_2.5.2~svn+54698.ds4-1
0m17.1s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/firebird/2.5/backup/no_empty (0, 0, - 100644, 0, None) != (101, 102, - 100660, 0, None)
0m17.1s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/firebird/2.5/data/ (0, 0, d 40755, 60, None) != (101, 102, d 40770, 60, None)
0m17.1s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/firebird/2.5/backup/ (0, 0, d 40755, 60, None) != (101, 102, d 40770, 60, None)
0m17.1s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/firebird/2.5/data/no_empty (0, 0, - 100644, 0, None) != (101, 102, - 100660, 0, None)
0m17.1s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/firebird/2.5/system/help.fdb (0, 0, - 100644, 819200, None) != (101, 102, - 100660, 819200, None)
0m17.1s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/firebird/2.5/system/ (0, 0, d 40755, 80, None) != (101, 102, d 40770, 100, None)
0m17.1s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/firebird/2.5/ (0, 0, d 40755, 120, None) != (101, 102, d 40770, 120, None)
0m17.1s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/firebird/2.5/system/default-security2.fdb (0, 0, - 100644, 729088, None) != (101, 102, - 100660, 729088, None)
0m17.3s ERROR: FAIL: After purging files have been modified:
/var/lib/firebird/2.5/ owned by: firebird2.5-server-common
/var/lib/firebird/2.5/backup/ owned by: firebird2.5-server-common
/var/lib/firebird/2.5/backup/no_empty owned by: firebird2.5-server-common
/var/lib/firebird/2.5/data/ owned by: firebird2.5-server-common
/var/lib/firebird/2.5/data/no_empty owned by: firebird2.5-server-common
/var/lib/firebird/2.5/system/ owned by: firebird2.5-server-common
/var/lib/firebird/2.5/system/default-security2.fdb owned by: firebird2.5-server-common
/var/lib/firebird/2.5/system/help.fdb owned by: firebird2.5-server-common

dspam_3.10.2+dfsg-2
0m14.3s DEBUG: Modified(uid, gid, mode, size, target): /var/spool/dspam/ (0, 0, d 40755, 40, None) != (101, 102, d 40770, 40, None)
0m14.6s ERROR: FAIL: After purging files have been modified:
/var/spool/dspam/ owned by: dspam, libdspam7:amd64

heartbeat_1:3.0.5-3
0m29.7s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/heartbeat/cores/hacluster/ (0, 0, d 40755, 40, None) != (101, 0, d 40700, 40, None)
0m29.7s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/heartbeat/cores/nobody/ (0, 0, d 40755, 40, None) != (65534, 0, d 40700, 40, None)
0m29.7s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/heartbeat/cores/root/ (0, 0, d 40755, 40, None) != (0, 0, d 40700, 40, None)
0m30.3s ERROR: FAIL: After purging files have been modified:
/var/lib/heartbeat/cores/hacluster/ owned by: heartbeat, cluster-glue
/var/lib/heartbeat/cores/nobody/ owned by: heartbeat, cluster-glue
/var/lib/heartbeat/cores/root/ owned by: heartbeat, cluster-glue

asterisk_1:1.8.13.1~dfsg-1
0m15.3s DEBUG: Modified(uid, gid, mode, size, target): /etc/asterisk/logger.conf (0, 0, - 100640, 4294, None) != (101, 102, - 100640, 4294, None)
0m15.3s DEBUG: Modified(uid, gid, mode, size, target): /etc/asterisk/telcordia-1.adsi (0, 0, - 100640, 1384, None) != (101, 102, - 100640, 1384, None)
0m15.3s DEBUG: Modified(uid, gid, mode, size, target): /etc/asterisk/indications.conf (0, 0, - 100640, 24955, None) != (101, 102, - 100640, 24955, None)
0m15.3s DEBUG: Modified(uid, gid, mode, size, target): /etc/asterisk/queuerules.conf (0, 0, - 100640, 1440, None) != (101, 102, - 100640, 1440, None)
0m15.3s DEBUG: Modified(uid, gid, mode, size, target): /etc/asterisk/amd.conf (0, 0, - 100640, 767, None) != (101, 102, - 100640, 767, None)
0m15.3s DEBUG: Modified(uid, gid, mode, size, target): /etc/asterisk/chan_dahdi.conf (0, 0, - 100640, 56496, None) != (101, 102, - 100640, 56496, None)
[...]
0m15.6s ERROR: FAIL: After purging files have been modified:
/etc/asterisk/ owned by: asterisk, asterisk-config
/etc/asterisk/adsi.conf owned by: asterisk-config
/etc/asterisk/agents.conf owned by: asterisk-config
/etc/asterisk/ais.conf owned by: asterisk-config
/etc/asterisk/alarmreceiver.conf owned by: asterisk-config
/etc/asterisk/alsa.conf owned by: asterisk-config
[...]


Andreas


Archive: http://lists.debian.org/507447DA.3090201@abeckmann.de
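
Added example (not part of the original message and not piuparts code): a small Python triage pass over the "Modified(uid, gid, mode, size, target)" lines quoted above. It reports which fields changed and flags a chgrp that grants nothing and paths left writable by a non-root account. The function names and finding labels are hypothetical, and it assumes the left tuple is the reference snapshot and the right tuple the state after purge.

```python
import re

# Format of the piuparts DEBUG lines quoted in the message above.
LINE_RE = re.compile(
    r"Modified\(uid, gid, mode, size, target\): (?P<path>.+?) "
    r"\((?P<left>[^)]*)\) != \((?P<right>[^)]*)\)"
)

def parse_state(text):
    """Turn '0, 102, d 40755, 40, None' into uid, gid and permission bits."""
    uid, gid, mode, _size, _target = (f.strip() for f in text.split(",", 4))
    return {"uid": int(uid), "gid": int(gid),
            "perm": int(mode.split()[1], 8) & 0o7777}

def review(line):
    """Return (path, changed fields, findings) for one line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    # Assumption: left tuple = reference snapshot, right tuple = after purge.
    before, after = parse_state(m["left"]), parse_state(m["right"])
    changed = {k for k in before if before[k] != after[k]}
    findings = []
    group_bits, other_bits = (after["perm"] >> 3) & 7, after["perm"] & 7
    # chgrp alone grants nothing when group and other bits are identical.
    if changed == {"gid"} and group_bits == other_bits:
        findings.append("chgrp-without-effect")
    # Paths an unprivileged account can write need care in root-run scripts.
    if ((after["uid"] != 0 and after["perm"] & 0o200)
            or (after["gid"] != 0 and after["perm"] & 0o020)
            or after["perm"] & 0o002):
        findings.append("writable-by-non-root")
    return m["path"], changed, findings

# Three lines copied from the logs quoted above (cups-pdf, snort, solr-tomcat).
SAMPLE = """\
0m43.9s DEBUG: Modified(uid, gid, mode, size, target): /var/log/cups/ (0, 0, d 40755, 40, None) != (0, 102, d 40755, 40, None)
0m14.6s DEBUG: Modified(uid, gid, mode, size, target): /etc/snort/snort.conf (0, 0, - 100644, 26450, None) != (0, 103, - 100640, 26450, None)
0m25.5s DEBUG: Modified(uid, gid, mode, size, target): /var/lib/solr/data/ (0, 0, d 40755, 40, None) != (101, 102, d 40770, 40, None)
"""

def review_log(text):
    """Review every Modified(...) line in a log, skipping all other lines."""
    return [r for r in map(review, text.splitlines()) if r is not None]

if __name__ == "__main__":
    for path, changed, findings in review_log(SAMPLE):
        print(path, sorted(changed), findings)
```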
 
