[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: A question on setting setuid bit

On Wed, Jul 05, 2006 at 07:34:02AM +0200, Bartosz Fenski aka fEnIo wrote:
> On Tue, Jul 04, 2006 at 08:37:52PM -0400, LEE, Yui-wah (Clement) wrote:
> > I am building a package in which one of the binary has
> > to have the setuid and setgid bits set.  I wonder which
> > one of the following two is the more appropriate method
> > to use?
> > 
> > 1. Use "install -m 6755 <file> <dir>" in the install
> >    target of the Makefile.
> > 
> >    However, I already tried this method and it did not
> >    work.  The "install" program that I am using is part
> >    of the GNU coreutils.  I could not find any specific
> >    confirmation that the setuid and setgid bits
> >    (i.e. the first digit "6" in the numeric mode
> >    "6755") can be used with the install program (the
> >    document says only that the -m switch works "as in"
> >    chmod).
> > 
> > 2. Add a "chmod ug+s" command in the postinst script.
> 3. Use dpkg-statoverride in your postinst script. 

dpkg-statoverride is a tool for the system administrator to specify a
different mode or ownership for a file to that which is provided in the
package.  It is not meant to be used by the package.

The correct answer, in this case, is to ensure that the file in the package
has the appropriate permissions, and then use the -X option to dh_fixperms
to ensure that fixperms doesn't turn the permissions back to the default.

- Matt

Reply to: