Bug#837206: [Freedombox-pkg-team] Bug#837206: plinth: Change ownership of plinth.sqlite3 to plinth:plinth from root:root

[James Valleroy]

On Fri, 23 Sep 2016 08:13:40 +0530 Sunil Mohan Adapa 
wrote:
> Perhaps plinth:plinth ? I see no reason to keep it as plinth:root.

Maybe the explicit version is better, but "plinth:" actually means
"plinth:plinth". From chown man page:

Group  is  unchanged  if  missing,  but changed  to  login  group if
implied by a ':' following a symbolic OWNER.

> The patch looks good to me. Please go ahead and commit it.

Done.



signature.asc
Description: OpenPGP digital signature

Bug#837206: [Freedombox-pkg-team] Bug#837206: plinth: Change ownership of plinth.sqlite3 to plinth:plinth from root:root

[Sunil Mohan Adapa]

On 09/23/2016 05:14 AM, James Valleroy wrote:
> Here's a patch to fix the DB and log file permissions after "plinth
> --setup". I also changed it to use the new command "--setup-no-install",
> which ensures that the required packages are already installed and won't
> try to install them like --setup does.
[...]
> ++# Ensure that DB and log file permissions are correct
> ++chown -R plinth: /var/lib/plinth /var/log/plinth

Perhaps plinth:plinth ? I see no reason to keep it as plinth:root.

The patch looks good to me.  Please go ahead and commit it.

-- 
Sunil




signature.asc
Description: OpenPGP digital signature

Bug#837206: plinth: Change ownership of plinth.sqlite3 to plinth:plinth from root:root

[James Valleroy]

Here's a patch to fix the DB and log file permissions after "plinth
--setup". I also changed it to use the new command "--setup-no-install",
which ensures that the required packages are already installed and won't
try to install them like --setup does.
From 9835d5fb3a707dd638a52246255569b9eb2a9de1 Mon Sep 17 00:00:00 2001
From: James Valleroy 
Date: Thu, 22 Sep 2016 18:04:48 -0400
Subject: [PATCH] Add patch to fix permissions and use new setup command

---
 debian/patches/0004-fix-permissions.patch | 15 +++
 debian/patches/series |  1 +
 2 files changed, 16 insertions(+)
 create mode 100644 debian/patches/0004-fix-permissions.patch

diff --git a/debian/patches/0004-fix-permissions.patch b/debian/patches/0004-fix-permissions.patch
new file mode 100644
index 000..be11f92
--- /dev/null
+++ b/debian/patches/0004-fix-permissions.patch
@@ -0,0 +1,15 @@
+Subject: Fix permissions on DB and log file. Use new setup command.
+
+--- a/data/usr/lib/freedombox/setup.d/86_plinth
 b/data/usr/lib/freedombox/setup.d/86_plinth
+@@ -37,6 +37,9 @@
+ echo "Running Plinth setup..."
+ 
+ # Run plinth setup to install various necessary program
+-plinth --setup
++plinth --setup-no-install
++
++# Ensure that DB and log file permissions are correct
++chown -R plinth: /var/lib/plinth /var/log/plinth
+ 
+ echo "Done running Plinth setup."
diff --git a/debian/patches/series b/debian/patches/series
index 3055da5..478ac7a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 0001-disable-privileged-actions-test.patch
 0002-skip-copy-doc-dir.patch
 0003-disable-restore-module.patch
+0004-fix-permissions.patch
-- 
2.9.3



signature.asc
Description: OpenPGP digital signature

Bug#837206: plinth: Change ownership of plinth.sqlite3 to plinth:plinth from root:root

[James Valleroy]

On Thu, 22 Sep 2016 07:42:38 -0400 James Valleroy
 wrote:
> On Sat, 10 Sep 2016 08:00:56 +0530 Sunil Mohan Adapa 
> wrote:
> >
> > In the upcoming release of Plinth, Plinth runs as non-root user
'plinth'.
> > Everything is ready for it, however, for users upgrading from older
> > version,
> > the ownership of the /var/lib/plinth/plinth.sqlite3 file needs to be
> > changed
> > from root:root to plinth:plinth. Otherwise, Plinth won't be able to
start
> > anymore unable to write to its own state file.
> >
> This seems to already be done with the current postinst. When I upgrade
> plinth, the files under /var/lib/plinth and /var/log/plinth are owned by
> plinth, where they were previously owned by root.

However there is still an issue for new installs. Although those folders
are owned by plinth, the db and log files are initially created by
"plinth --setup", which is run as root. We may need to patch
data/usr/lib/freedombox/setup.d/86_plinth/ to change the owner of these
files after "plinth --setup".



signature.asc
Description: OpenPGP digital signature

Bug#837206: plinth: Change ownership of plinth.sqlite3 to plinth:plinth from root:root

[James Valleroy]

On Sat, 10 Sep 2016 08:00:56 +0530 Sunil Mohan Adapa 
wrote:
>
> In the upcoming release of Plinth, Plinth runs as non-root user 'plinth'.
> Everything is ready for it, however, for users upgrading from older
> version,
> the ownership of the /var/lib/plinth/plinth.sqlite3 file needs to be
> changed
> from root:root to plinth:plinth. Otherwise, Plinth won't be able to start
> anymore unable to write to its own state file.
>
This seems to already be done with the current postinst. When I upgrade
plinth, the files under /var/lib/plinth and /var/log/plinth are owned by
plinth, where they were previously owned by root.


signature.asc
Description: OpenPGP digital signature

Bug#837206: plinth: Change ownership of plinth.sqlite3 to plinth:plinth from root:root

[Sunil Mohan Adapa]

Package: plinth
Version: 0.10.0-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

In the upcoming release of Plinth, Plinth runs as non-root user 'plinth'.
Everything is ready for it, however, for users upgrading from older version,
the ownership of the /var/lib/plinth/plinth.sqlite3 file needs to be changed
from root:root to plinth:plinth.  Otherwise, Plinth won't be able to start
anymore unable to write to its own state file.




-BEGIN PGP SIGNATURE-

iQIuBAEBCgAYBQJX03BXERxzdW5pbEBtZWRoYXMub3JnAAoJEEPqHP8Kp8XyxWsP
/0PemKxTKqN7k4PnUOIEtynE/Esf4j24dKp1PHyvy447QP4aUmpU3opuwTfU9GeZ
5+jwLeEnjRSlhKtcetaW89PX0mwqXgzpR1N1AjseYHQWidwqIj9ol9Inq3wt5UAh
+P4DqxWzvGWQEO/Ab9wtkmEOl+KAaKN+V/7Fq3uC1KjX2oLhgNGFsMf1pbvcm1ig
FtDHmlKhetbmwrlZ+Hnv+l7AbWMwI1knAj05883ZR2I2qWOmvKZncQ6ideRStkkL
EZOqoEznLrtJg+FnwFW0nBoOa1rrp66JUJC05EIo/TUVhfLovypNO/KBoe06mORI
ldCau+TbKWHbWv8MbfQht8ZAm3BfZMrBfL71Bt8jMBu8SghI/4T5lp4xUQiHj7sH
ntLdD0K0u7nMVoKtoMZtOgp0eFR7UE/p+GjuOxOBM/v2DD7hjGgUUWMdj4eacwOj
cuNRDFvuf+/kTP9rzo8cKgdKGxEXo8zfRoPW7nyNCvxfU/t2+blLC9ycipIe1DUm
o+7ic5tdtXoPFm6oK0hVMNnijfmPphwiXw2G9GVlRdJImZN6HPZQS9s303rASY4L
jztJDw4ZnT4A5iqUFMx609QpyOmIfO6Z06PRnBYXkyww9rX/t5eriC1GzZKu9JE5
iPNwmfMeagzEjDHlhLu4TsHpyh7NE7ZM17HMNXjcxRLz
=9NY0
-END PGP SIGNATURE-