Hello,
I have started co-maintaining a webapp package, dokuwiki.
This webapp stores dynamic data – possibly private – on the file system.
I could not find this case on the webapp draft manual (to be added?),
but this directory is currently
www-data:root 0700 /var/lib/dokuwiki/data
It also includes a page for plugin management, that allows to add
components to the webapp. I think this can be considered as dynamic
data:
www-data:root 0755 /var/lib/dokuwiki/plugins
Finally, it also includes a web page for configuration management. This
case is documented in the draft manual:
root:www-data 0664 /etc/dokuwiki/local.php
However, giving write access to the configuration, and specially to the
plugins – that modify the application behaviour –, seems quite sensitive
to me. In addition, the webapp is still usable and manually manageable
without such rights. So I am thinking about using debconf to ask the
user whether he wants to allow it. For the configuration, it results in
a chown/chmod in the postinst. For the plugins, I think it requires a
dpkg-statoverride. Do you know examples of such uses?
Regards,
--
Tanguy Ortolo
Attachment:
signature.asc
Description: Digital signature