Unless bind checks the ownership for some reason, it should be OK to just remove the chown. Will do for the next release, whose upload I have just requested from my faithful sponsor.
-- 
Thomas

On 30 March 2016 at 11:12, Marc Haber <mh+debian-b...@zugschlus.de> wrote:
> On Wed, Mar 30, 2016 at 09:35:32AM +0200, Thomas Hood wrote:
> > I am happy to remove the chown from the (example) script. But are you sure
> > that bind processes the file if the owner is not root:bind?
>
> Mine takes it happily with root:staff. I guess it won't if it can't
> read the file, so the script should make sure to create the file world
> readable, which might introduce a privacy problem iff private
> information is in the file.
>
> Maybe take a look at the source file and spew an error if it isn't
> world readable, so that the local admin can decide whether to make
> the source file world readable or to add CAP_CHOWN to network-manager.
>
> I do not have an idea if a shell script can check for certain
> capabilities, so the script might want to add error handling for the
> chown like
>
> if ! stat --format="%A" "$TMP_FILE" | grep -q '.......r..'; then
>   if ! chown "$TMP_FILE"; then
>     echo >&2 "Error: cannot chown $TMP_FILE, capability missing, see #819498"
>   fi
> fi
>
> (untested)
>
> Greetings
> Marc
>
> --
> -----------------------------------------------------------------------------
> Marc Haber         | "I don't trust Computers. They | Mail address in header
> Leimen, Germany    |  lose things."    Winona Ryder | Phone: *49 6224 1600402
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
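
On the question raised in the quoted message of whether a shell script can check for a capability: on Linux the effective capability mask is readable from `/proc/<pid>/status`, and CAP_CHOWN is capability number 0, so it is the lowest bit of `CapEff`. The sketch below is an added example, not code from this thread or from the script under discussion; the function names are hypothetical, and it only reports whether a chown is needed and possible without running one.

```sh
#!/bin/sh
# Added example (hypothetical helper names). Assumes Linux /proc and GNU stat.

# has_cap_chown [STATUS_FILE]: true if the effective set contains CAP_CHOWN.
# Defaults to the status file of the calling shell itself.
has_cap_chown() {
    status=${1:-/proc/$$/status}
    hex=$(awk '$1 == "CapEff:" { print $2 }' "$status" 2>/dev/null)
    case "$hex" in
        *[13579bdfBDF]) return 0 ;;   # odd last hex digit: bit 0 is set
        *) return 1 ;;                # bit clear, or mask not available
    esac
}

# world_readable FILE: true if "other" has the read bit in the octal mode.
world_readable() {
    mode=$(stat -c %a "$1") || return 1
    case "$mode" in
        *[4567]) return 0 ;;
        *) return 1 ;;
    esac
}

# check_handoff FILE [STATUS_FILE]
#   0: file is world readable, no chown needed
#   1: not world readable, but CAP_CHOWN is present so a chown can be tried
#   2: not world readable and CAP_CHOWN is missing; the admin has to decide
check_handoff() {
    if world_readable "$1"; then
        return 0
    fi
    if has_cap_chown "${2:-/proc/$$/status}"; then
        return 1
    fi
    echo >&2 "Error: $1 is not world readable and CAP_CHOWN is missing, see #819498"
    return 2
}
```

Checking the mask first lets the script tell "capability removed from the service" apart from other chown failures, such as a missing group or a read-only filesystem.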