Julian Gilbey: > But in cases where the only meaningful installation was suid or sgid (for > example, /bin/su), the deb always held a suid or sgid binary.
Hmmm, so my use of suidregister/dpkg-statoverride in the jwhois package isn't really a correct implementation? I am creating a group when the package is installed to own the shared cache it uses, and setgid the binary and the cache directory to that group. I also remove the group on de-installation. Should I really just chown/chmod the binary and the cache directory in the installation scripts, and not call dpkg-statoverride as I do now? I have this in the postinst (after adding a group with addgroup): ===[ cut ]=== # Setgid binary to the jwhois group, and add it to dpkg-statoverride # unless it's already overriden. if chown root.jwhois /usr/bin/jwhois; then chmod 02755 /usr/bin/jwhois fi if test "$jwhoisoverride" = ""; then dpkg-statoverride --add root jwhois 02755 /usr/bin/jwhois || echo "Failed adding statoverride for /usr/bin/jwhois" else echo Statoverride already set for /usr/bin/jwhois fi ===[ end cut ]=== And something similar for the cache directory. -- \\// peter - http://www.softwolves.pp.se/ Statement concerning unsolicited e-mail according to Swedish law: http://www.softwolves.pp.se/peter/reklampost.html
