Hello, I have started co-maintaining a webapp package, dokuwiki. This webapp stores dynamic data – possibly private – on the file system. I could not find this case on the webapp draft manual (to be added?), but this directory is currently www-data:root 0700 /var/lib/dokuwiki/data It also includes a page for plugin management, that allows to add components to the webapp. I think this can be considered as dynamic data: www-data:root 0755 /var/lib/dokuwiki/plugins Finally, it also includes a web page for configuration management. This case is documented in the draft manual: root:www-data 0664 /etc/dokuwiki/local.php However, giving write access to the configuration, and specially to the plugins – that modify the application behaviour –, seems quite sensitive to me. In addition, the webapp is still usable and manually manageable without such rights. So I am thinking about using debconf to ask the user whether he wants to allow it. For the configuration, it results in a chown/chmod in the postinst. For the plugins, I think it requires a dpkg-statoverride. Do you know examples of such uses? Regards, -- Tanguy Ortolo
Attachment:
signature.asc
Description: Digital signature