[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Adding file permissions to /var/lib/dpkg/*.list

Bruce Sass writes:
> I can't help wondering... if dpkg did keep track of permissions, would 
> it interfere with sysadmins who want to change the packaged 
> permissions. At the very least there would need to be a way to update 
> the package DB with locally set permissions.

That's what dpkg-statoverride is for already.

> OK. I think it would be better to achieve that by hooking a script which 
> records permissions into APT. e.g.:
> --- /etc/apt/apt.conf.d/??permissions (cut'n'edit from 90debsums) ---
> DPkg::Post-Invoke { "if [ -x /usr/bin/debpermissions ]; 
> then /usr/bin/debpermissions --record; fi"; };
> ---

Something similar to debsums, yes.

> :) dpkg and the Maintainers don't need to get involved
> :) development could proceed at its own pace
> :) may be able to discover info dpkg doesn't know about
> :) doesn't get forced on those who don't want/need it
> :( doesn't work with dselect-only systems 
> There is the big question of whether it is possible to reliably record 
> the proper permissions in all cases... dpkg currently can't do it 
> because scripts can modify stuff after it has been installed, and I 
> don't think APT can guarantee a hooked in script will run after all 
> install spawned scripts have finished. At best you'll have an 
> incomplete picture, at worst the wrong info (with the potential to mess 
> up unrelated [to where the "mistakes" were made] parts of the system).

Probably only the permissions for files in the packages would be able
to be stored.



Reply to: