Hello,
Richard A Nelson <[EMAIL PROTECTED]> wrote:
>> I had the same problems. The package installation set the
>> permissions on /etc/libnss-ldap.conf to 600. Making the file
>> readable by everyone fixed it.
> Setting the file to 0600 should only happen if the 1st debconf
> question (make config file readable by its owner only?), and nscd
> is installed.
That's wrong, there isn't any test to verify if nscd is present,
even though debconf says "Note: As a sanity check, libnss-ldap will check if you have
nscd installed and will only set the mode to 0600 if nscd is present."
Extract from libnss-ldap.postinst:
--8<--
db_get libnss-ldap/confperm
if [ "$RET" = "true" ]; then
    # FIXME: we need a way to check if the file
    # was 0700 and we removed the flag.
    chmod 0600 $CONFFILE
else
    # ICK! ugly hack, but i didn't get anything
    # better to work.
    find $CONFFILE -perm 0600 -exec chmod 0644 {} \;
fi
--8<--
Anyway, please don't manage permissions of the *highly critical*
libnss-ldap.conf file with debconf. A classic example is when
you install libnss-ldap/nscd with libnss-ldap/confperm=true,
and later - for some reason - you remove nscd and you
"chmod 644 libnss-ldap.conf". The next upgrade will be:
# ls -l libnss-ldap.conf
-rw-r--r-- 1 root root 9863 2008-02-15 18:40 libnss-ldap.conf
# dpkg -l nscd | grep un
un nscd <none> (no description available)
# aptitude upgrade
[...]
Preparing to replace libnss-ldap 251-7.5 (using
.../libnss-ldap_251-7.5etch1_i386.deb) ...
Unpacking replacement libnss-ldap ...
Setting up libnss-ldap (251-7.5etch1) ...
# ls -l libnss-ldap.conf
-rw------- 1 root root 9863 2008-02-15 20:55 libnss-ldap.conf
^^^^^^^^^^
IMHO it's too hard to remember that libnss-ldap.conf permissions are stored in
debconf because it's not a common way of doing things...
Regards,
--
Gregory Colpart <[EMAIL PROTECTED]> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
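
The sanity check that the debconf note promises, sketched as an added example (not code from the libnss-ldap package or from the message above). The function names nscd_status, nscd_installed and apply_confperm are hypothetical, and leaving the mode untouched when the answer is "false" is an assumption of this sketch, not the package's behaviour.

```shell
#!/bin/sh
# Added example, not the package's postinst. All function names are hypothetical.

# Print dpkg's status string for nscd ("install ok installed" when present,
# "unknown ok not-installed" for the "un" state shown in the session above).
nscd_status() {
    dpkg-query -W -f='${Status}' nscd 2>/dev/null
}

# True only when nscd is fully installed; a missing dpkg-query or an
# unknown package both count as "not installed".
nscd_installed() {
    [ "$(nscd_status)" = "install ok installed" ]
}

# apply_confperm WANT_PRIVATE CONFFILE
# Prints the action taken: restricted, skipped-no-nscd, kept or missing.
apply_confperm() {
    want=$1
    conf=$2
    if [ ! -f "$conf" ]; then
        echo missing
        return 0
    fi
    if [ "$want" = "true" ]; then
        if nscd_installed; then
            # Only nscd (running as root) needs to read the file in this case.
            chmod 0600 "$conf"
            echo restricted
        else
            # Without nscd every process doing NSS lookups must read the
            # file, so 0600 would break lookups for non-root users.
            echo skipped-no-nscd
        fi
    else
        # Assumption of this sketch: never loosen or tighten a mode the
        # administrator may have set by hand.
        echo kept
    fi
}

# In a postinst this would be called after "db_get libnss-ldap/confperm" as:
#   apply_confperm "$RET" "$CONFFILE"
```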