Bug#608604: libsqlite3-0: permissions for created database files are hardcoded and do not obey umask setting
On Sat, Jan 01, 2011 at 11:43:52PM +0100, Anders Lennartsson wrote: With Subversion 1.6 there is an essentially identical problem arising as sqlite3 is used within Subversion repositories in the form of the file db/rep-cache.db. For a good analysis of the cause of this see http://old.nabble.com/-Issue-3437--New---rep-cache.db-created-without-group-write-bit-td24186740.html FWIW, here's also another bug about the subversion problem, including further pointers. Hth. Best regards, -- Olivier BERGER http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 Ingenieur Recherche - Dept INF Institut Mines-Telecom, Telecom SudParis, Evry (France) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#608604: libsqlite3-0: permissions for created database files are hardcoded and do not obey umask setting
Package: libsqlite3-0 Version: 3.7.3-1 Severity: normal Database files created by the library are given permissions rw-r--r-- regardless of what permissions are indicated by umask. This is a problem when creating Trac webs by trac-admin initenv. If the SGID bit is set on the directory where this is executed, and the umask is set to 002, the files and directories created inherit the group of the original directory. Further, the files typically have 664 permissions and are thus writable by the group. This is a common configuration for a Trac server administrated by several people where the group is set to www-data to allow Apache to write in these files. But, the current behaviour of libsqlit3-0 is to hardcode the permissions to 644 which is not writable by the group. With Subversion 1.6 there is an essentially identical problem arising as sqlite3 is used within Subversion repositories in the form of the file db/rep-cache.db. For a good analysis of the cause of this see http://old.nabble.com/-Issue-3437--New---rep-cache.db-created-without-group-write-bit-td24186740.html Solution: Either patch the source file os_unix.c with the following patch: --- sqlite3-3.7.3.orig/src/os_unix.c +++ sqlite3-3.7.3/src/os_unix.c @@ -154,7 +154,7 @@ ** Default permissions when creating a new file */ #ifndef SQLITE_DEFAULT_FILE_PERMISSIONS -# define SQLITE_DEFAULT_FILE_PERMISSIONS 0644 +# define SQLITE_DEFAULT_FILE_PERMISSIONS 0666 #endif or add the flag -DSQLITE_DEFAULT_FILE_PERMISSIONS=0666 at some useful line in debian/rules so the flag is used during compile time. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libsqlite3-0 depends on: ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib libsqlite3-0 recommends no packages. libsqlite3-0 suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org