On Wed, Jul 05, 2006 at 04:02:43AM -0400, sean finney wrote:
>On Wed, Jul 05, 2006 at 04:39:12PM +1000, Matthew Palmer wrote:
>> dpkg-statoverride is a tool for the system administrator to specify a
>> different mode or ownership for a file to that which is provided in the
>> package. It is not meant to be used by the package.
>
>there are cases where it's appropriate for a package to use it. for
>example, if the package creates the user that is supposed to own a file,
>and later changes the ownership to that user in the maintscripts. in
>this case it would be appropriate to use this tool to check if the
>local admin has overridden the permissions, and if so, keep the
>permissions respected.

There are two cases where shipping the binary with the correct ownership
or permission is not possible:

  * the user meant to own the files is dynamically created, or
  * the permissions for a file are a debconf option

In such cases it is necessary in the postinst to do:

    if ! dpkg-statoverride --list "$file" >/dev/null 2>&1
    then
        chown "$user:$group" "$file"
        # and/or
        chmod "$mode" "$file"
    fi

Which will only set the permissions if the local administrator has not
supplied other values.

Just looking at various postinst scripts now, I note that some packages
use dpkg-statoverride to apply the changes rather than chown/chmod. Not
quite sure of the rationale behind this. In my opinion, setting
permissions via dpkg-statoverride should be limited to the local admin
only.

It also means that you need to remove the override in the postrm and
complicates the case where you wish to change the default values used.
In both cases you need to compare the values returned by --list and only
remove/change if those values match what was previously set by the
package.

Even with this test, there is *no way to be sure* that the override was
originally set by the package. Could be that the administrator set the
override with those values to ensure they didn't change.

Summary for maintainer scripts:

  * Don't use chown/chmod without first testing dpkg-statoverride --list.
  * Don't use dpkg-statoverride to apply owner/group/mode changes.

--bod
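
The check from the message above, placed in a fuller postinst for the dynamically created user case. This is an added example, not part of the original post or of any Debian package; the user name exampled and both paths are hypothetical.

```shell
#!/bin/sh
# Added example: postinst sketch. The user "exampled", /var/lib/exampled
# and /usr/lib/exampled/helper are hypothetical names (assumptions).
set -e

# Apply owner:group and mode to a path unless the local administrator
# has registered a dpkg-statoverride for it.
apply_default_perms() {
    owner=$1 group=$2 mode=$3 path=$4
    # --list exits non-zero when no override matches the given path.
    if dpkg-statoverride --list "$path" >/dev/null 2>&1; then
        return 0    # the administrator's choice wins; touch nothing
    fi
    chown "$owner:$group" "$path"
    chmod "$mode" "$path"
}

case "${1:-}" in
    configure)
        # The owning user is created dynamically, so the package cannot
        # ship these files with the final ownership already set.
        if ! getent passwd exampled >/dev/null; then
            adduser --system --group --no-create-home exampled
        fi
        apply_default_perms exampled exampled 0750 /var/lib/exampled
        apply_default_perms root exampled 4754 /usr/lib/exampled/helper
        ;;
esac
```

Because the script never registers an override itself, the postrm has nothing to compare or remove, and any entry found by --list can only have come from the administrator.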