Re: Could someone clarify dpkg-statoverride please? (Was Re: dpkg-statoverride and creating users in postinst)
Package: dpkg
Version: 1.8.3.1
Severity: minor
On Tue, Feb 13, 2001 at 09:38:35AM +0100, J?r?me Marant wrote:
> This is an extract from dpkg-statoverride manpage:
>
> `stat overrides' are a way to tell dpkg to use a different
> owner or mode for a file when a package is installed.
> (note: I use the word `file' here, but in reality this can
> be any filesystem object that dpkg handles, including
> directories, devices, etc.). This can be used to force
> programs that are normall setuid to be install without a
> setuid flag, or only executable by a certain group.
"This can be used *by the sysadmin* to force..." The manpage should
be clarified.
> However, the use of dpkg-statoverride within a package is yet unclear to
> me.
You don't ever use it to set permissions in maintainer scripts; see
below.
> With suidregister, we used to:
> - override setuid/setgid when building the package (debian/rules)
> - readd setuid/setgid permissions in the postinst with suidregister
> - remove setuid/setgid permissions in the postrm with suidunregister
Almost. We asked suidregister to set (not necessarily add) the
setuid/setgid permissions as required. suidregister would note the
package maintainer's request and compare it to its existing database.
If there was a manual override present, the maintainer's version would
be ignored, otherwise it would be used.
> Can someone tell me what's exactly to be done now with dpkg-statoverride?
> Can we embbed setuid/setgid executables in the package and dpkg-statoverride
> will be used only to override permissions to non-setuid/non-setgid ?
In the new setup, we put the most usual version in the .deb; if the
program would normally be run setuid/setgid then that is what should
be in the .deb; if it is normally run non-setuid/non-setgid, then that
should be put in the .deb. Should the sysadmin wish to change things
from the default, they run the dpkg-statoverride --update --add
command, and then that becomes the default from then on. Dpkg will
automatically examine the statoverride file every time a package is
installed to see whether there are any local statoverrides; you don't
need to do anything in your maintainer scripts any longer.
Julian
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Julian Gilbey, Dept of Maths, Queen Mary, Univ. of London
Debian GNU/Linux Developer, see http://people.debian.org/~jdg
Donate free food to the world's hungry: see http://www.thehungersite.com/
Reply to: