[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: fakeroot forcing filemodes

On Sun, 3 Aug 1997, joost witteveen wrote:

> As you may be aware, the "fakeroot" package allows execution of commands
> in an envrionment where getuid(),chown(), chmod(), stat() etc are
> wrapped to make it appear the user really is root.
> This allows the use of "dpkg-buildpackage -rfakeroot", so debian packages
> do not need to be build as root any more (merely fakeroot).
> But this allows for more: Fakeroot_0.0-7a (just released, due to problems
> with master only available on ftp://rulcmc.leidenuniv.nl/debian/upload),
> also (by default) refuses to do things like
>   chmod og-r foo
> as this is not allowed by the Debian Policy Manual: Section 3.3.8
> only allows for dirs with mode 04755 or 02775, and files should
> have at least mode 0644.
> This was (I think) suggested by Christian Schwarz, and I now really
> like this feature: Turns out that about every X package that uses 
> xmkmf violates the debian policy, as all manual pages, header files,
> etc are installed mode 0444 (just filed a bug about this, against xlib6-dev).

(These section have been in the policy manual a long before I took over
maintainance of it.)

Note, that policy says "should", not "must". Thus, exceptions are allowed
(as for /etc/shadow, for example). But you're right, there is no reason
why manual pages and include files should be installed mode 0444--mode
0644 should be used for this.

> However, there are places where files with mode less than 0644,
> or dirs with mode less than 04755 should be permissable:
> /etc/shadow, and, as recently suggested on bugtraq, /etc/ircd/
> (the latter directory contains /etc/shadow like files).
> This could be solved with an environment variable "FAKEROOTOPT=--nodebian",
> that would switch off this behaviour. Then the rules file would have:
> 	FAKEROOTOPT=--nodebian chmod 0700 /etc/ircd
> This would work both for non-fakeroot builds, and for fakeroot builds.
> On the other hand, /etc/shadow isn't too much of a problem, as that
> one appears to be created by a postinst script. And the /etc/ircd 
> problem could be solved by saying /etc/ircd can be mode 04755, and the
> passwd like files in that dir should be created in the postinst.
> So is there really a problem here? Maybe it would be OK to have a
> strict rule "no .deb package may contain files with modes less than
> 0644 etc"?

Why make things more complicated than they are? What advantage would this

I think we should keep the "should" clause in the policy--most packages
"should" comply to this, but there may be exceptions. I suggest that you
change the fakeroot package to issue a warning if a mode less than 644 is
used, but don't let it fail.



--          _,,     Christian Schwarz
           / o \__   schwarz@monet.m.isar.de, schwarz@schwarz-online.com,
           !   ___;   schwarz@debian.org, schwarz@mathematik.tu-muenchen.de
           \  /        
  \\\______/  !        PGP-fp: 8F 61 EB 6D CF 23 CA D7  34 05 14 5C C8 DC 22 BA
   \          /         http://fatman.mathematik.tu-muenchen.de/~schwarz/

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: