Re: fakeroot forcing filemodes
On Sun, 3 Aug 1997, joost witteveen wrote:
> As you may be aware, the "fakeroot" package allows execution of commands
> in an envrionment where getuid(),chown(), chmod(), stat() etc are
> wrapped to make it appear the user really is root.
> This allows the use of "dpkg-buildpackage -rfakeroot", so debian packages
> do not need to be build as root any more (merely fakeroot).
> But this allows for more: Fakeroot_0.0-7a (just released, due to problems
> with master only available on ftp://rulcmc.leidenuniv.nl/debian/upload),
> also (by default) refuses to do things like
> chmod og-r foo
> as this is not allowed by the Debian Policy Manual: Section 3.3.8
> only allows for dirs with mode 04755 or 02775, and files should
> have at least mode 0644.
> This was (I think) suggested by Christian Schwarz, and I now really
> like this feature: Turns out that about every X package that uses
> xmkmf violates the debian policy, as all manual pages, header files,
> etc are installed mode 0444 (just filed a bug about this, against xlib6-dev).
(These section have been in the policy manual a long before I took over
maintainance of it.)
Note, that policy says "should", not "must". Thus, exceptions are allowed
(as for /etc/shadow, for example). But you're right, there is no reason
why manual pages and include files should be installed mode 0444--mode
0644 should be used for this.
> However, there are places where files with mode less than 0644,
> or dirs with mode less than 04755 should be permissable:
> /etc/shadow, and, as recently suggested on bugtraq, /etc/ircd/
> (the latter directory contains /etc/shadow like files).
> This could be solved with an environment variable "FAKEROOTOPT=--nodebian",
> that would switch off this behaviour. Then the rules file would have:
> FAKEROOTOPT=--nodebian chmod 0700 /etc/ircd
> This would work both for non-fakeroot builds, and for fakeroot builds.
> On the other hand, /etc/shadow isn't too much of a problem, as that
> one appears to be created by a postinst script. And the /etc/ircd
> problem could be solved by saying /etc/ircd can be mode 04755, and the
> passwd like files in that dir should be created in the postinst.
> So is there really a problem here? Maybe it would be OK to have a
> strict rule "no .deb package may contain files with modes less than
> 0644 etc"?
Why make things more complicated than they are? What advantage would this
I think we should keep the "should" clause in the policy--most packages
"should" comply to this, but there may be exceptions. I suggest that you
change the fakeroot package to issue a warning if a mode less than 644 is
used, but don't let it fail.
-- _,, Christian Schwarz
/ o \__ firstname.lastname@example.org, email@example.com,
! ___; firstname.lastname@example.org, email@example.com
\\\______/ ! PGP-fp: 8F 61 EB 6D CF 23 CA D7 34 05 14 5C C8 DC 22 BA
\ / http://fatman.mathematik.tu-muenchen.de/~schwarz/
"DIE ENTE BLEIBT DRAUSSEN!"
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to firstname.lastname@example.org .