Re: Adding file permissions to /var/lib/dpkg/*.list
On 04/05/07, Bruce Sass <firstname.lastname@example.org> wrote:
On Fri May 4 2007 11:41:11 am Conrado Buhrer wrote:
> Hello all,
> I would probably be a nice feature to have file permissions added to
> /var/lib/dpkg/*.list files for several reasons.
> In case of mistakes all file permissions could be restored.
What kind of mistakes?
Well, some guy entered our chat channel #linux on IRCnet with having
run a script he made to recursively set permissions on a directory
tree. Unfortunately he broke his whole distribution. Its a common
newbie mistake to change permissions without thinking about the
consequences. On debian you could not write a script on your own to
fix this without having to download every package again, or packages
on a cd, etc.
Other problems might be archiving errors where you gave the wrong
parameters to tar, ar, etc.
> It would facilitate installed package verification,
> eliminating the need for tripwire.
Tripwire does more than keep track of permissions.
True, tripwire does much more. I couldn't say it would eliminate
tripwire. I shouldn't have put it that way. But it would help to
quickly fix some situations and prevent you from having to do a full
> Perhaps you can think of more.
I'm having trouble thinking of the two or three (far less
than "several") reasons you've mentioned.
Well, I think you can run already run md5sum checks on your whole
Debian install from your own drive, it only seems reasonable to me to
also be able to set/check the appropriate permissions as well.
> RPM does it, Solaris pkg does it, AIX supports it. Why not dpkg?
I don't know.
Why do RPM, Solaris and AIX pkg managers keep track of permissions; what
kinds of operations can those other pkg managers do which dpkg is
prevented from doing because it doesn't keep track of permissions?
Well, I've said that you can reset all file permissions from a package
install standard. I know RPM at least can do that with a single
command. I wouldn't care if dpkg had the added functionality to do
that as of yet because I can code the script to fix the perms, but not
without having that little bit of extra info in the *.list files, or
downloading each .deb again.
All the best, Conrado.