Old 04-03-2010, 05:11 PM
Michał Górny
 
Portage, kernel sources and setgid

Hello,

I am using umask 027 on my Gentoo boxes, and setgid bit set on a few
directories crucial to userpriv-enabled merges. This way, I do not have
to worry about running e.g. layman through 'sg' or similar tools, as
all newly-created files inherit portage group ownership, and
newly-created directories inherit the setgid bit.

I would like to be able to use a similar solution for compiled kernel
sources, i.e. through setting the setgid bit on /usr/src. But in fact
it is impossible as portage forces setting its own permissions on all
installed files, thus newly-installed kernel sources do not inherit the
parent group ownership nor the setgid bit.

Now the question is: should such behaviour be considered really correct
and necessary? In my opinion, if user sets setuid/setgid on a parent
directory, shklee knows what shklee is doing and emerge should not
override this system-specific ownership inheritance.

--
Best regards,
Michał Górny

<http://mgorny.alt.pl>
<xmpp:mgorny@jabber.ru>
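The inheritance behaviour described in the post above, as an added example that is not part of the original message and is not Portage code. It assumes Linux setgid-directory semantics; the temporary `src/linux` tree is a constructed stand-in for /usr/src, and the explicit `os.chmod` calls only model an installer that applies a fixed mode after creating a directory.

```python
import os
import stat
import tempfile


def perms(path):
    """Permission bits of path, including setuid/setgid/sticky."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    old_umask = os.umask(0o027)                # umask used in the post
    try:
        with tempfile.TemporaryDirectory() as tmp:
            base = os.path.join(tmp, "src")    # constructed stand-in for /usr/src
            os.mkdir(base)
            os.chown(base, -1, os.getegid())   # group we belong to, so setgid sticks
            os.chmod(base, 0o2750)             # setgid bit on the parent directory

            sub = os.path.join(base, "linux")
            os.mkdir(sub)                      # plain mkdir: kernel adds setgid
            makefile = os.path.join(sub, "Makefile")
            with open(makefile, "w"):
                pass                           # plain create: group comes from parent

            result = {
                "inherited_dir": perms(sub),
                "inherited_file": perms(makefile),
                "same_group": os.stat(makefile).st_gid == os.stat(base).st_gid,
            }

            # Installer-style step (assumption): a fixed mode is forced afterwards.
            # chmod(2) replaces all mode bits, so the inherited setgid bit is lost.
            os.chmod(sub, 0o755)
            result["after_forced_mode"] = perms(sub)

            # Hypothetical alternative: carry over the parent's setgid bit.
            keep = perms(base) & stat.S_ISGID
            os.chmod(sub, 0o755 | keep)
            result["after_preserving_mode"] = perms(sub)
            return result
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value if isinstance(value, bool) else oct(value))
```

An ownership change to a different group is not shown because it needs root or membership in a second group.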
 
Old 04-03-2010, 05:45 PM
Zac Medico
 
Portage, kernel sources and setgid

On 04/03/2010 10:11 AM, Michał Górny wrote:
> Hello,
>
> I am using umask 027 on my Gentoo boxes, and setgid bit set on a few
> directories crucial to userpriv-enabled merges. This way, I do not have
> to worry about running e.g. layman through 'sg' or similar tools, as
> all newly-created files inherit portage group ownership, and
> newly-created directories inherit the setgid bit.
>
> I would like to be able to use a similar solution for compiled kernel
> sources, i.e. through setting the setgid bit on /usr/src. But in fact
> it is impossible as portage forces setting its own permissions on all
> installed files, thus newly-installed kernel sources do not inherit the
> parent group ownership nor the setgid bit.
>
> Now the question is: should such behaviour be considered really correct
> and necessary? In my opinion, if user sets setuid/setgid on a parent
> directory, shklee knows what shklee is doing and emerge should not
> override this system-specific ownership inheritance.
>

Your issue seems somewhat related to this bug:

http://bugs.gentoo.org/show_bug.cgi?id=141619

My first inclination is to use a configuration file for stuff like
this, since it's not really possible to distinguish ad hoc
permission modifications done by the user from incorrect permissions
that are due to other reasons such as faulty ebuilds. It would
probably also be a good idea to record file permissions in
/var/db/pkg/*/*/CONTENTS, so that we'd have some way to know when
permissions differ from those initially set by the ebuild, and a way
to detect collisions in directory permissions between 2 different
ebuilds that install files in the same directory.
--
Thanks,
Zac

All times are GMT.