Bug#837206: [Freedombox-pkg-team] Bug#837206: plinth: Change ownership of plinth.sqlite3 to plinth:plinth from root:root
On Fri, 23 Sep 2016 08:13:40 +0530 Sunil Mohan Adapawrote: > Perhaps plinth:plinth ? I see no reason to keep it as plinth:root. Maybe the explicit version is better, but "plinth:" actually means "plinth:plinth". From chown man page: Group is unchanged if missing, but changed to login group if implied by a ':' following a symbolic OWNER. > The patch looks good to me. Please go ahead and commit it. Done. signature.asc Description: OpenPGP digital signature
Bug#837206: [Freedombox-pkg-team] Bug#837206: plinth: Change ownership of plinth.sqlite3 to plinth:plinth from root:root
On 09/23/2016 05:14 AM, James Valleroy wrote: > Here's a patch to fix the DB and log file permissions after "plinth > --setup". I also changed it to use the new command "--setup-no-install", > which ensures that the required packages are already installed and won't > try to install them like --setup does. [...] > ++# Ensure that DB and log file permissions are correct > ++chown -R plinth: /var/lib/plinth /var/log/plinth Perhaps plinth:plinth ? I see no reason to keep it as plinth:root. The patch looks good to me. Please go ahead and commit it. -- Sunil signature.asc Description: OpenPGP digital signature
Bug#837206: plinth: Change ownership of plinth.sqlite3 to plinth:plinth from root:root
Here's a patch to fix the DB and log file permissions after "plinth --setup". I also changed it to use the new command "--setup-no-install", which ensures that the required packages are already installed and won't try to install them like --setup does. From 9835d5fb3a707dd638a52246255569b9eb2a9de1 Mon Sep 17 00:00:00 2001 From: James ValleroyDate: Thu, 22 Sep 2016 18:04:48 -0400 Subject: [PATCH] Add patch to fix permissions and use new setup command --- debian/patches/0004-fix-permissions.patch | 15 +++ debian/patches/series | 1 + 2 files changed, 16 insertions(+) create mode 100644 debian/patches/0004-fix-permissions.patch diff --git a/debian/patches/0004-fix-permissions.patch b/debian/patches/0004-fix-permissions.patch new file mode 100644 index 000..be11f92 --- /dev/null +++ b/debian/patches/0004-fix-permissions.patch @@ -0,0 +1,15 @@ +Subject: Fix permissions on DB and log file. Use new setup command. + +--- a/data/usr/lib/freedombox/setup.d/86_plinth b/data/usr/lib/freedombox/setup.d/86_plinth +@@ -37,6 +37,9 @@ + echo "Running Plinth setup..." + + # Run plinth setup to install various necessary program +-plinth --setup ++plinth --setup-no-install ++ ++# Ensure that DB and log file permissions are correct ++chown -R plinth: /var/lib/plinth /var/log/plinth + + echo "Done running Plinth setup." diff --git a/debian/patches/series b/debian/patches/series index 3055da5..478ac7a 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ 0001-disable-privileged-actions-test.patch 0002-skip-copy-doc-dir.patch 0003-disable-restore-module.patch +0004-fix-permissions.patch -- 2.9.3 signature.asc Description: OpenPGP digital signature
Bug#837206: plinth: Change ownership of plinth.sqlite3 to plinth:plinth from root:root
On Thu, 22 Sep 2016 07:42:38 -0400 James Valleroywrote: > On Sat, 10 Sep 2016 08:00:56 +0530 Sunil Mohan Adapa > wrote: > > > > In the upcoming release of Plinth, Plinth runs as non-root user 'plinth'. > > Everything is ready for it, however, for users upgrading from older > > version, > > the ownership of the /var/lib/plinth/plinth.sqlite3 file needs to be > > changed > > from root:root to plinth:plinth. Otherwise, Plinth won't be able to start > > anymore unable to write to its own state file. > > > This seems to already be done with the current postinst. When I upgrade > plinth, the files under /var/lib/plinth and /var/log/plinth are owned by > plinth, where they were previously owned by root. However there is still an issue for new installs. Although those folders are owned by plinth, the db and log files are initially created by "plinth --setup", which is run as root. We may need to patch data/usr/lib/freedombox/setup.d/86_plinth/ to change the owner of these files after "plinth --setup". signature.asc Description: OpenPGP digital signature
Bug#837206: plinth: Change ownership of plinth.sqlite3 to plinth:plinth from root:root
On Sat, 10 Sep 2016 08:00:56 +0530 Sunil Mohan Adapawrote: > > In the upcoming release of Plinth, Plinth runs as non-root user 'plinth'. > Everything is ready for it, however, for users upgrading from older > version, > the ownership of the /var/lib/plinth/plinth.sqlite3 file needs to be > changed > from root:root to plinth:plinth. Otherwise, Plinth won't be able to start > anymore unable to write to its own state file. > This seems to already be done with the current postinst. When I upgrade plinth, the files under /var/lib/plinth and /var/log/plinth are owned by plinth, where they were previously owned by root. signature.asc Description: OpenPGP digital signature
Bug#837206: plinth: Change ownership of plinth.sqlite3 to plinth:plinth from root:root
Package: plinth Version: 0.10.0-1 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 In the upcoming release of Plinth, Plinth runs as non-root user 'plinth'. Everything is ready for it, however, for users upgrading from older version, the ownership of the /var/lib/plinth/plinth.sqlite3 file needs to be changed from root:root to plinth:plinth. Otherwise, Plinth won't be able to start anymore unable to write to its own state file. -BEGIN PGP SIGNATURE- iQIuBAEBCgAYBQJX03BXERxzdW5pbEBtZWRoYXMub3JnAAoJEEPqHP8Kp8XyxWsP /0PemKxTKqN7k4PnUOIEtynE/Esf4j24dKp1PHyvy447QP4aUmpU3opuwTfU9GeZ 5+jwLeEnjRSlhKtcetaW89PX0mwqXgzpR1N1AjseYHQWidwqIj9ol9Inq3wt5UAh +P4DqxWzvGWQEO/Ab9wtkmEOl+KAaKN+V/7Fq3uC1KjX2oLhgNGFsMf1pbvcm1ig FtDHmlKhetbmwrlZ+Hnv+l7AbWMwI1knAj05883ZR2I2qWOmvKZncQ6ideRStkkL EZOqoEznLrtJg+FnwFW0nBoOa1rrp66JUJC05EIo/TUVhfLovypNO/KBoe06mORI ldCau+TbKWHbWv8MbfQht8ZAm3BfZMrBfL71Bt8jMBu8SghI/4T5lp4xUQiHj7sH ntLdD0K0u7nMVoKtoMZtOgp0eFR7UE/p+GjuOxOBM/v2DD7hjGgUUWMdj4eacwOj cuNRDFvuf+/kTP9rzo8cKgdKGxEXo8zfRoPW7nyNCvxfU/t2+blLC9ycipIe1DUm o+7ic5tdtXoPFm6oK0hVMNnijfmPphwiXw2G9GVlRdJImZN6HPZQS9s303rASY4L jztJDw4ZnT4A5iqUFMx609QpyOmIfO6Z06PRnBYXkyww9rX/t5eriC1GzZKu9JE5 iPNwmfMeagzEjDHlhLu4TsHpyh7NE7ZM17HMNXjcxRLz =9NY0 -END PGP SIGNATURE-