Marc Haber <[EMAIL PROTECTED]> (Di 11 Apr 2006 16:16:53 CEST): > On Tue, Apr 11, 2006 at 02:35:09PM +0200, Heiko Schlittermann wrote: > > As stated in the subject -- the postinstall uses unconditionally > > chmod/chown. If the local admin tries to change permissions using > > dpkg-statoverride, these local changes are not respected. > > +# useful functions > > +setperm() { > > + local user="$1"; shift > > + local group="$1"; shift > > + local mode="$1"; shift > > + local file="$1"; shift > > + dpkg-statoverride --list "$file" >/dev/null && return 0 > > + dpkg-statoverride --update --add "$user" "$group" "$mode" "$file" > > +} > > The maintainer script adding the statoverride does not seem to be > policy compliant to me. We are not to touch the dpkg-statoverride > database.
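Review bot: in setperm(), the final line (`dpkg-statoverride --update --add "$user" "$group" "$mode" "$file"`) writes the package's own default into the statoverride database whenever the admin has no entry for the file. After the first install, package defaults and local overrides can no longer be told apart. A later change to the packaged owner or mode is then skipped by the `--list "$file" >/dev/null && return 0` guard on the line above it. Keeping the guard but applying the default directly respects local overrides without touching the database, for example `dpkg-statoverride --list "$file" >/dev/null || { chown "$user:$group" "$file"; chmod "$mode" "$file"; }`. Two smaller points: `--list` takes a glob pattern, so a path containing glob characters can match unrelated entries, and the function never checks that all four arguments were passed.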
What about the policy manual 10.9.1?

    Given the above, dpkg-statoverride is essentially a tool for system
    administrators and would not normally be needed in the maintainer
    scripts. There is one type of situation, though, where calls to
    dpkg-statoverride would be needed in the maintainer scripts, and that
    involves packages which use dynamically allocated user or group ids. In
    such a situation, something like the following idiom can be very helpful
    in the package's postinst, where sysuser is a dynamically allocated id:
    ....

Of course, both (not touching the statoverride database - and - using
statoverride for fixing the permissions) have their pro & con.

Pro using statoverride:
    o it's a clean interface
    o admin is able to see all permissions different from
      root:root 0755/0644
    o easy way to recover lost permissions of packaged files

Contra:
    o probably huge database of statoverrides
    o more steps for admin to change the permissions of statoverridden
      files (as statoverride only changes the permissions during '--add',
      and the files are added already during package installation)
      (Maybe a new version of statoverride could solve it:
      dpkg-statoverride --update --list <pattern>)

Best regards from Dresden
Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann HS12-RIPE -----------------------------------------
 gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -