FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Alt

 
 
LinkBack Thread Tools
 
Old 10-20-2011, 11:05 AM
Burcin Erocal
 
Default permission test

On Tue, 18 Oct 2011 20:45:50 +0200
Fabian Groffen <grobian@gentoo.org> wrote:

> On 18-10-2011 20:34:12 +0200, Burcin Erocal wrote:
> > > > # Now we look for all world writable files.
> > > > + if [ "${QA_SKIP_WRITABLE-unset}" == unset ] ; then
> > > > local i
> > > > for i in $(find "${D}/" -type f -perm -2); do
> > >
> > > How would this work, if you changed the D into ED here? Checking
> > > files outside of our control is indeed not really useful.
> >
> > In that context, printing $D gives $PORTAGE_TMP/$CATEGORY/$P/image
> > in the prefix. Since these are the new files introduced by the
> > ebuild, I don't think we need to change that line. Note that this
> > is already in the portage sources and I didn't touch it.
>
> Ok, ED doesn't make a difference here. Can you explain why the host
> system is making world-writable files? What's its rationale to force
> that on you? Can't you really not just sanitise that (your umask?)

The message below wasn't distributed to gentoo-alt@, probably since
Alexander is not subscribed to the group.


Begin forwarded message:

Date: Wed, 19 Oct 2011 01:12:53 +0200
From: Alexander Dreyer <alexander.dreyer@itwm.fraunhofer.de>
To: Burcin Erocal <burcin@erocal.org>
Cc: gentoo-alt@lists.gentoo.org
Subject: Re: Fw: [gentoo-alt] permission test


Hi Burcin,
> can you provide more information about the file system that requires
> the change for the world writable check?
>
> I remember something about making files accessible to the group, but I
> don't think I can describe the reason sufficiently.
The file system itself is nothing special, but it is hosted by a
standalone file server which is exported to our Linux servers. But the
problem is not cause by a technical issue, but by a social one:

We have shared directories which can only be accessed by a certain
group of users. The access is managed by ACLs on the toplevel
directory, s.th. only permitted users gain access to the latter and its
child directories. Unfortunately the group of users is not a unix group
- this would not be possible because different projects gain various
combinations of people. So in order to allow collaboration, files have
to have world read/writable permissions.
(Anyway I do not have influence on this setup.)

You can change these permissions afterwards, but newly generated files
are world-writable in the first (this is enforced by the file server).
Of course only formally, because the access is restricted by the
toplevel ACLs.

Please note, that the problem only occurs for generated files, whose
permissions are never set (using chmod, install or untar sufficies to
fix the isuue). So I would consider this as a bug of those packages,
respectively.

BTW: I didn't try out, but FAT-based USB drives often enforce
world-writable mounts also.

It would already help me a lot, if the warning would not sleep for a
second.

My best,
Alexander
 
Old 10-20-2011, 11:10 AM
Fabian Groffen
 
Default permission test

On 20-10-2011 13:05:22 +0200, Burcin Erocal wrote:
> > Ok, ED doesn't make a difference here. Can you explain why the host
> > system is making world-writable files? What's its rationale to force
> > that on you? Can't you really not just sanitise that (your umask?)
>
> Date: Wed, 19 Oct 2011 01:12:53 +0200
> From: Alexander Dreyer <alexander.dreyer@itwm.fraunhofer.de>
> To: Burcin Erocal <burcin@erocal.org>
> Cc: gentoo-alt@lists.gentoo.org
> Subject: Re: Fw: [gentoo-alt] permission test
>
> You can change these permissions afterwards, but newly generated files
> are world-writable in the first (this is enforced by the file server).
> Of course only formally, because the access is restricted by the
> toplevel ACLs.
>
> It would already help me a lot, if the warning would not sleep for a
> second.

Ok, so would the tradeoff to give a warning and sleep only once (the
sleep perhaps is even misplaced here), instead of for every file be
acceptable?


--
Fabian Groffen
Gentoo on a different level
 
Old 10-20-2011, 11:20 AM
Burcin Erocal
 
Default permission test

On Thu, 20 Oct 2011 13:10:07 +0200
Fabian Groffen <grobian@gentoo.org> wrote:

> On 20-10-2011 13:05:22 +0200, Burcin Erocal wrote:
> > > Ok, ED doesn't make a difference here. Can you explain why the
> > > host system is making world-writable files? What's its rationale
> > > to force that on you? Can't you really not just sanitise that
> > > (your umask?)
> >
> > Date: Wed, 19 Oct 2011 01:12:53 +0200
> > From: Alexander Dreyer <alexander.dreyer@itwm.fraunhofer.de>
> > To: Burcin Erocal <burcin@erocal.org>
> > Cc: gentoo-alt@lists.gentoo.org
> > Subject: Re: Fw: [gentoo-alt] permission test
> >
> > You can change these permissions afterwards, but newly generated
> > files are world-writable in the first (this is enforced by the file
> > server). Of course only formally, because the access is restricted
> > by the toplevel ACLs.
> >
> > It would already help me a lot, if the warning would not sleep for a
> > second.
>
> Ok, so would the tradeoff to give a warning and sleep only once (the
> sleep perhaps is even misplaced here), instead of for every file be
> acceptable?

Yes, sleeping once per package should be OK.

Thanks.

Burcin
 
Old 10-21-2011, 06:15 AM
Zac Medico
 
Default permission test

On 10/20/2011 04:20 AM, Burcin Erocal wrote:
> On Thu, 20 Oct 2011 13:10:07 +0200
> Fabian Groffen <grobian@gentoo.org> wrote:
>> Ok, so would the tradeoff to give a warning and sleep only once (the
>> sleep perhaps is even misplaced here), instead of for every file be
>> acceptable?
>
> Yes, sleeping once per package should be OK.

It's fixed in these two commits:

http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=a5968f7d9b1c17568fba27f7b7f d284b9431802d
http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=44a03c9f2218ae7cfdc03aae495 d255e0ca2e5b1

--
Thanks,
Zac
 

Thread Tools




All times are GMT. The time now is 12:10 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org