Re: on the use of chmod/chown in maintainer scripts

[Charles Plessy <plessy@debian.org>]

Le Sat, May 12, 2012 at 02:06:16PM -0700, Russ Allbery a écrit :
> 
> Usually because the UID is dynamically assigned and the user is created in
> the postinst, so there's no way for dpkg do do this at unpack.
> 
> You would need to apply permissions by name, not UID/GID, and you would
> need to create all users in preinst prior to unpack, which would require
> Pre-Depends on adduser with all the complexity that entails.  I haven't
> thought through that path to see if there are any other problems.

I see,

[please do not hesitate to answer on -mentors if I am getting trivial]

in some of my packages, I give the ownership on some directories in /var to
www-data without checking that the www-data group exists, but I guess it is
acceptable because it is globally allocated by base-passwd.

The way I do is simply to set the ownership when building the package, and let
dpkg do the rest for me.  For instance in emboss-explorer:

$ dpkg -c emboss-explorer_2.2.0-7_all.deb | grep -C 2 www-data
drwxr-xr-x root/root         0 2008-12-07 23:41 ./var/lib/
drwxr-xr-x root/root         0 2008-12-07 23:41 ./var/lib/emboss-explorer/
drwxr-xr-x www-data/www-data 0 2008-12-07 23:41 ./var/lib/emboss-explorer/output/
drwxr-xr-x root/root         0 2008-12-07 23:41 ./usr/
drwxr-xr-x root/root         0 2008-12-07 23:41 ./usr/lib/

Dpkg will not update permissions or ownership, but when creating the directory
it will apply the ones in the 'data' tar archive.  So if there was no package
released with wrong settings, I assume this is safe.  Or am I simply relying on
something undocumented and unwaranteed ?

Have a nice Sunday,

-- 
Charles Plessy
Debian Med packaging team,
http://www.debian.org/devel/debian-med
Tsurumi, Kanagawa, Japan