On 2014-09-09 13:29:28, Sven Hartge wrote: > Package: smokeping > Version: 2.6.9-1 > Severity: normal > > Hi! > > In the postinst the following commands are executed: > > ,---- > | chown smokeping:smokeping /var/lib/smokeping > | chown smokeping:smokeping /etc/smokeping/smokeping_secrets > | chmod 640 /etc/smokeping/smokeping_secrets > `---- > > This unconditionally destroys any custom permissions the admin may have > set. Overwriting the permissions for /etc/smokeping/smokeping_secrets is > especially desastrous because this file needs to be read by the www-data > user (or group) to allow slaves to connect correctly. > > Right now the only option is to use POSIX-ACLs to allow www-data to read > that file because if you just use "chgrp www-data" this change will get > overwritten the next time the package is updated.
Since there's no mechanism (AFAIK) for automatically handling custom
permissions for conffiles, and both the admin and the package fight over
this, the first solution that comes to mind is to add debconf questions
for owner and mode, and always use debconf/the package to manage the
permissions. This would solve both problems (conflicts and custom
permissions).
A simpler alternative but not that flexible would be to add only one
question ("support slaves"), which would different, but still hard-coded
permissions.
Thoughts?
iustin
signature.asc
Description: PGP signature
