[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Could someone clarify dpkg-statoverride please? (Was Re: dpkg-statoverride and creating users in postinst)

Package: dpkg
Version: 1.8.3.1
Severity: minor

On Tue, Feb 13, 2001 at 09:38:35AM +0100, J?r?me Marant wrote:
> This is an extract from dpkg-statoverride manpage:
> 
>        `stat overrides' are a way to tell dpkg to use a different
>        owner  or  mode  for  a  file when a package is installed.
>        (note: I use the word `file' here, but in reality this can
>        be  any  filesystem  object  that  dpkg handles, including
>        directories, devices, etc.).  This can be  used  to  force
>        programs  that  are normall setuid to be install without a
>        setuid flag, or only executable by a certain group.

"This can be used *by the sysadmin* to force..."  The manpage should
be clarified.

> However, the use of dpkg-statoverride within a package is yet unclear to
> me.

You don't ever use it to set permissions in maintainer scripts; see
below.

> With suidregister, we used to:
> - override setuid/setgid when building the package (debian/rules)
> - readd setuid/setgid permissions in the postinst with suidregister
> - remove setuid/setgid permissions in the postrm with suidunregister

Almost.  We asked suidregister to set (not necessarily add) the
setuid/setgid permissions as required.  suidregister would note the
package maintainer's request and compare it to its existing database.
If there was a manual override present, the maintainer's version would
be ignored, otherwise it would be used.

> Can someone tell me what's exactly to be done now with dpkg-statoverride?
> Can we embbed setuid/setgid executables in the package and dpkg-statoverride
> will be used only to override permissions to non-setuid/non-setgid ?

In the new setup, we put the most usual version in the .deb; if the
program would normally be run setuid/setgid then that is what should
be in the .deb; if it is normally run non-setuid/non-setgid, then that
should be put in the .deb.  Should the sysadmin wish to change things
from the default, they run the dpkg-statoverride --update --add
command, and then that becomes the default from then on.  Dpkg will
automatically examine the statoverride file every time a package is
installed to see whether there are any local statoverrides; you don't
need to do anything in your maintainer scripts any longer.

   Julian

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

         Julian Gilbey, Dept of Maths, Queen Mary, Univ. of London
       Debian GNU/Linux Developer,  see http://people.debian.org/~jdg
  Donate free food to the world's hungry: see http://www.thehungersite.com/
Reply to: