Re: Adding file permissions to /var/lib/dpkg/*.list
Bruce Sass writes:
> I can't help wondering... if dpkg did keep track of permissions, would
> it interfere with sysadmins who want to change the packaged
> permissions. At the very least there would need to be a way to update
> the package DB with locally set permissions.
That's what dpkg-statoverride is for already.
> OK. I think it would be better to achieve that by hooking a script which
> records permissions into APT. e.g.:
>
> --- /etc/apt/apt.conf.d/??permissions (cut'n'edit from 90debsums) ---
> DPkg::Post-Invoke { "if [ -x /usr/bin/debpermissions ];
> then /usr/bin/debpermissions --record; fi"; };
> ---
Something similar to debsums, yes.
> :) dpkg and the Maintainers don't need to get involved
> :) development could proceed at its own pace
> :) may be able to discover info dpkg doesn't know about
> :) doesn't get forced on those who don't want/need it
> :( doesn't work with dselect-only systems
>
> There is the big question of whether it is possible to reliably record
> the proper permissions in all cases... dpkg currently can't do it
> because scripts can modify stuff after it has been installed, and I
> don't think APT can guarantee a hooked in script will run after all
> install spawned scripts have finished. At best you'll have an
> incomplete picture, at worst the wrong info (with the potential to mess
> up unrelated [to where the "mistakes" were made] parts of the system).
Probably only the permissions for files in the packages would be able
to be stored.
Regards,
Sven
Reply to: