Package: ferm Version: 2.2-2 Severity: normal Tags: patch Hi formorer,
the ferm package sets mode/group and owner of the /etc/ferm directory on each package configuration / update, thus overwriting user changes such as making that directory world readable: | cat /var/lib/dpkg/info/ferm.postinst | #!/bin/sh [..] | if [ "$action" = configure ]; then [..] Wrapping the last part with this if-statement should fix this: if ! dpkg-statoverride --list /etc/ferm > /dev/null 2>&1; then -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing'), (99, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -ur ferm-2.2.orig/debian/ferm.postinst ferm-2.2/debian/ferm.postinst --- ferm-2.2.orig/debian/ferm.postinst 2014-06-25 17:52:44.000000000 +0200 +++ ferm-2.2/debian/ferm.postinst 2014-06-25 17:54:35.695279179 +0200 @@ -39,10 +39,12 @@ grep -Eq '^ *ENABLED=' /etc/default/ferm || \ echo "ENABLED=\"$VALUE\"" >> /etc/default/ferm - # make the firewall configuration readable only by root and group adm - if [ -d /etc/ferm ]; then - chown -R root:adm /etc/ferm - chmod 2750 /etc/ferm + if ! dpkg-statoverride --list /etc/ferm > /dev/null 2>&1; then + # make the firewall configuration readable only by root and group adm + if [ -d /etc/ferm ]; then + chown -R root:adm /etc/ferm + chmod 2750 /etc/ferm + fi fi fi