Re: setgid crontab
On Sat, Aug 02, 2003 at 03:53:00PM -0500, Steve Greenland wrote:
> On 02-Aug-03, 14:51 (CDT), Steve Greenland <steveg@moregruel.net> wrote:
> > Beyond the coding (which is mostly removing setuid()
> > calls), this involves the following changes:
>
> To ship the setgid program, I need to have the group 'cron' on the
> build system. Not a problem for me, of course, but how do I indicate
> to the build daemons this requirement? Or should I just set the group
> and mode of /usr/bin/crontab and the directories in the postinst? The
> downside is that doing so would seem to override any local requirements
> or dpkg-statoverrides that the admin might have set.
>
> I did not find any guidance in either the Policy manual or the
> Developers Reference; if I missed it, please point me in the right
> direction.

This is a common problem, and there have been discussions recently about how
to address it. The solutions which I find most appealing involve creating
some simple tools to set ownership to non-existent users in the .deb, and
running adduser/addgroup in the preinst.

However, until that solution is implemented, the next best thing is usually
to do something like:

    if ! dpkg-statoverride --list "$file" >/dev/null; then
        ...do the magic...
    fi

This way, if the admin adds a statoverride, you leave things alone.

--
- mdz
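
Added example, not part of the original message: one way the "magic" could look in a postinst for the group 'cron' and /usr/bin/crontab discussed in this thread. The helper name apply_default_perms, the STATOVERRIDE variable and the mode 2755 are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not code from the cron package or from this thread.
# STATOVERRIDE (assumed name) lets the check be stubbed when testing on a
# system without dpkg; it defaults to the real tool.
: "${STATOVERRIDE:=dpkg-statoverride}"

# apply_default_perms OWNER GROUP MODE PATH
# Set the package's default ownership and mode on PATH, unless the admin
# has registered a statoverride for it. "dpkg-statoverride --list" exits 0
# when an override matches and non-zero when none does.
apply_default_perms() {
    adp_owner=$1
    adp_group=$2
    adp_mode=$3
    adp_path=$4

    # Nothing to do if the file is not installed.
    [ -e "$adp_path" ] || return 0

    # An override exists: the admin's choice wins, leave the file alone.
    if "$STATOVERRIDE" --list "$adp_path" >/dev/null 2>&1; then
        return 0
    fi

    # chown first, chmod second: changing ownership can clear the
    # setuid/setgid bits, so the mode must be applied last.
    chown "$adp_owner:$adp_group" "$adp_path" &&
        chmod "$adp_mode" "$adp_path"
}

# Typical call from a postinst "configure" step (mode 2755 is an assumed
# value for a setgid-cron binary; the group must already exist):
#   apply_default_perms root cron 2755 /usr/bin/crontab
```

Checking the override before touching the file is what keeps a local decision, such as removing the setgid bit, from being reverted on every upgrade.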