[e-smith-devinfo] RE: [DRAFT] myphpnuke rpm ready for download

Charlie Brady
Fri, 24 Aug 2001 12:18:25 -0700


On Fri, 24 Aug 2001, Darrell May wrote:

> Maybe Garret (or someone else) will be able to take a look at the source
> rpm I provided and see if other settings or changes may be required.

Just a few comments.

Where you do this:

chown -R www:www /opt/groupware/myphpnuke
chmod -R 750 /opt/groupware/myphpnuke

in the %post section, you are doing a couple of things that are a bad
idea. It's a good idea to leave files with the same ownership and
permissions as they have in the RPM, so that you can verify the installed
contents of the RPM using:

rpm -V e-smith-gw-myphpnuke

The way to accomplish this is either to:

- postprocess the output of genfilelist so that the filelist contains
  exactly the ownership and permission that you want:

So change this:

/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist

to:

/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
  | sed '\:/opt/groupware/myphpnuke:s/root,root/www,www/' \
  > %{name}-%{version}-filelist

OR

- Make a change to genfilelist, or ask us to make a change in genfilelist,
  so that it knows the correct ownership and permissions for the files and
  directories you care about.

The next thing that is probably wrong is for all files and directories
under /opt/groupware/myphpnuke to be owned www.www. You want absolutely as
little as possible to be owned by www, as you do not want rogue or
exploitable CGIs to be able to modify your website or its behaviour.

And the final thing that is probably wrong is the permission 0750 for
everything under /opt/groupware/myphpnuke. For instance, you almost
certainly don't want .gif files which have executable permission. The
directories, on the other hand, probably already are 0750.

Otherwise, it's a good job, and good to see it out there.

> I'd be happy to make any changes necessary and release the next
> 1.8.7-1 rpm.

Excellent!

-- 

Charlie Brady                         [EMAIL PROTECTED]
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
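
The three comments in the message above (ownership set in the filelist so that rpm -V still passes, as little as possible owned by www, no execute bit on image files) can be combined into one filelist filter. This is an added example, not part of the original message and not e-smith code; it assumes the filelist uses standard RPM %files syntax, "[%dir ]%attr(MODE,USER,GROUP) PATH", and the writable cache directory is a hypothetical path.

```shell
#!/bin/sh
# Added example, not e-smith code. Assumes each filelist line uses RPM %files
# syntax "[%dir ]%attr(MODE,USER,GROUP) PATH" and that paths contain no spaces.

# fix_filelist WEBUSER "PATH [PATH...]"   (filter: filelist on stdin)
#  - only the listed paths become owned by WEBUSER; other lines keep their owner
#  - static assets (non-directories) lose every execute bit
fix_filelist() {
    awk -v web="$1" -v writable="$2" '
    BEGIN { n = split(writable, w, " "); for (i = 1; i <= n; i++) own[w[i]] = 1 }
    !match($0, /%attr\([^)]*\)/) { print; next }    # no %attr: pass through
    {
        head  = substr($0, 1, RSTART - 1)            # e.g. "%dir "
        tail  = substr($0, RSTART + RLENGTH)         # " /path"
        inner = substr($0, RSTART + 6, RLENGTH - 7)  # "MODE,USER,GROUP"
        gsub(/[ \t]/, "", inner)
        split(inner, f, ",")
        mode = f[1]; user = f[2]; group = f[3]; path = $NF
        if (path in own) { user = web; group = web }
        if (head !~ /%dir/ && mode ~ /^[0-7]+$/ &&
            path ~ /\.(gif|jpe?g|png|css|html?)$/) {
            len = length(mode); out = ""
            for (i = 1; i <= len; i++) {
                d = substr(mode, i, 1) + 0
                if (i > len - 3) d -= d % 2          # clear the x bit of u/g/o
                out = out d
            }
            mode = out
        }
        printf "%s%%attr(%s,%s,%s)%s\n", head, mode, user, group, tail
    }'
}

# Constructed sample input; the cache directory is a hypothetical writable path.
sample_filelist() {
    cat <<'EOF'
%dir %attr(0755,root,root) /opt/groupware/myphpnuke
%dir %attr(0755,root,root) /opt/groupware/myphpnuke/cache
%attr(0644,root,root) /opt/groupware/myphpnuke/index.php
%attr(0755,root,root) /opt/groupware/myphpnuke/images/logo.gif
EOF
}

sample_filelist | fix_filelist www "/opt/groupware/myphpnuke/cache"
```

In a spec file the filter would sit between genfilelist and the redirect to the filelist, in place of the sed command.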