
Re: how to deal with screwed up package



On Sat, 19 Nov 2005, Bartosz Fenski aka fEnIo wrote:
> I'm working on new package for FUSE[1]. Sad to come clean, but I screwed
> previous package(s) up. There are plenty of bugs wrt debconf questions and
> actions after them. There is also request[2] to simplify or even remove
> questions at all.
>
> Now I'm undecided what to do. The idea was to ask user for the group (gid)
> that members will be able to use fusermount (sgid).

-rwsr-xr-x 1 root fuse 18360 Oct 14 18:58 /usr/bin/fusermount
Smells suid-ish to me...

> If group was absent,
> then postinst script was creating it, and put its name in
> /etc/default/fuse-utils. But if chosen group existed already, then its name
> is also in mentioned file.

As of the current version, fuse-utils will delete the group even if it hasn't created it -- this is not what someone would expect.

What about removing all debconf questions, creating/removing the "fuse" group unconditionally, and telling the user that chmod is -> over there. The current code uses /dev/fuse -- if the user can access that device within his/her privileges (group/ACLs/what not), you may allow him/her to proceed, and deny access otherwise.


The manpage would list two ways to let users use fuse:
* adduser some_user fuse
* [non-udev] chmod :some_group /dev/fuse
  [udev] edit /etc/udev/permissions.rules (owned by the "udev" package,
  and thus out of reach of "fuse-utils" anyway)
As the admin is supposed to read the manpage anyway, educating him in the debconf messages is not really needed.

Regards.
--
/-----------------------\ Shh, be vewy, vewy quiet,
| kilobyte@mimuw.edu.pl | I'm hunting wuntime ewwows!
\-----------------------/
Segmentation fault (core dumped)
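
Added example, not part of the original message: a shell check of the point the fusermount listing makes, that a setuid helper whose world-execute bit is set is not limited to its group. The function name helper_exposure is hypothetical; the only sample input is the mode, owner and group from the listing quoted in the message.

```shell
#!/bin/sh
# helper_exposure MODE OWNER GROUP
# MODE is the first column of `ls -l` (e.g. -rwsr-xr-x). Reports which
# identity the binary runs with and which class of users may execute it.
helper_exposure() {
    mode=$1 owner=$2 group=$3
    case $mode in
        ??????????|???????????) ;;   # 10 chars, or 11 with a trailing + or .
        *) echo "invalid mode string"; return 2 ;;
    esac
    # Execute slots: column 4 = owner, 7 = group, 10 = other.
    ux=$(printf '%s' "$mode" | cut -c4)
    gx=$(printf '%s' "$mode" | cut -c7)
    ox=$(printf '%s' "$mode" | cut -c10)

    priv=""
    case $ux in s|S) priv="setuid $owner" ;; esac
    case $gx in s|S) priv="${priv:+$priv, }setgid $group" ;; esac
    if [ -z "$priv" ]; then
        echo "no elevated privileges"
        return 0
    fi

    # The widest class holding an execute bit decides who can run it.
    case $ox in
        x|t) who="any local user" ;;
        *)
            case $gx in
                x|s) who="members of group $group" ;;
                *)   who="owner $owner only" ;;
            esac ;;
    esac
    echo "$priv; runnable by $who"
}

# Listing from the message: group "fuse" does not restrict anything here.
helper_exposure -rwsr-xr-x root fuse
# Same helper with the world bits cleared, so the group acts as the gate.
helper_exposure -rwsr-x--- root fuse
```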


