Am Sonntag, 10. Dezember 2006 19:25 schrieb Michael Tautschnig: > > Am Freitag, 8. Dezember 2006 16:48 schrieben Sie: > > > > > > - some -k/--keep option (which I'd rather call --keep-permissions > > > > > > :-) > > > > > > [...] > > > If a file permission get borked it will never be fixed by an > > > softupdate. > > > > you don't need to use the -k (keep-permissions) option, so spftupdate can > > fix it. But why should it be broken anyway? > > Never trust your system. Never.
Your are right, but that doesn't mean to use FAI to make it more trustworthy. If something/someone changes permissions on your system it should be detected by something like an IDS and not corrected silently by FAI softupdate. > > > In the case that it's not root:root 644 it has in most cases a special > > > reason. If the file is missing there noting to preserve, what to use > > > then? > > > > then use -M, -m or source file permissions as it is right now. > > I'd say the patch should add 2 warning: > - One to be displayed in case there is destination file > - Anotherone in the man page: WARNING: -k might introduce a security hole > in case the permissions of the destination file have been altered > unexpectedly. good idea. Warnings are always useful. > Then, well, it's up to the FAI-user to use -k or not. exactly. > Return codes and fcopy to me is a somewhat strange thing. The current > default behaviour is that preserving a file is treated as an error and a > non-zero exit status is returned. > > In my opinion fcopy should only return something other than 0 if an error > occurred. And preserving a file is not an error IMHO. > > As such I'd go for the following: Return 0 unless anything inside fcopy > (which includes preinst/postinst) went wrong. To find out, whether files > have been altered or not (which includes changing permissions), I'd prefer > an output like the following (more or less proper perl, but I guess you get > the idea): > > if( $changed ) > { > printf "fcopy is updating $file:\n"; > printf "\t Copied $src to $dest\n" if( $copied ); > printf "\t Permissions set to $perm\n" if( $perm_changed ); > } I would rather stick to the output fcopy uses today. I don't think that we need to distinguish between content and permission change. A script could always analyze the situation further if it needs more information. > Then, one could do the following: > > fcopy ... /etc/postgresql | grep -q "fcopy is updating" && > /etc/init.d/postgresql restart Yes, i guess you are right. I just started to do some test with fcopy returning "useful" exit codes but it is rather strange. Just printing out what has changed is a rather small patch. kind regards, Janning > Best, > Michael -- PLANWERK 6 websolutions Venloer Straße 8, 40477 Düsseldorf Tel: (0211) 302666-0 Fax: (0211) 302666-10 http://www.planwerk6.de/