dpkg-statoverride sucks

To: debian-mentors@lists.debian.org
Subject: dpkg-statoverride sucks
From: Drew Parsons <dparsons@emerall.com>
Date: Tue, 30 Jan 2001 21:12:48 +1100
Message-id: <20010130211247.A18611@strider>
Mail-followup-to: Drew Parsons <dparsons@emerall.com>, debian-mentors@lists.debian.org
In-reply-to: <20010127235936.D23157@polya>; from J.D.Gilbey@qmw.ac.uk on Sat, Jan 27, 2001 at 11:59:36PM +0000
References: <20010127000754.A19801@zaz.com.br> <20010127023247.A12939@sumpf.cyrius.com> <20010127160621.A8726@silly.cloud.net.au> <20010127031049.A14479@zaz.com.br> <20010127141636.A889@sumpf.cyrius.com> <20010127235936.D23157@polya>

I have a question about dpkg-statoverride. I won't submit a bug, since maybe
I'm just trying to use it improperly, but as far as I can tell, it sucks
badly.

I'm packaging the new version of mirrormagic, which has a series of data
directories all with the setgid bit set (mode g+s). In particular it needs
setgid for writing high scores to /var/lib/games/mirrormagic, which has
a hierarchy of subdirectories underneath them, also setgid.
I want to be able to set /var/lib/games/mirrormagic with something like
chmod -R g+rws, recursively into all subdirectories.

Now when I do this by hand in debian/rules, it all works just fine.
But I was given to understand that setting gid mode was better done using
dpkg-statoverride for security reasons in the postinst script, using
something like:
/usr/sbin/dpkg-statoverride --update --add root games 2775 /var/lib/games/mirrormagic


However, there are then two problems with that:

1) first of all, dpkg-statoverride doesn't work recursively, so I'd have to
explicitly go all the way down the subdirectory heirarchies, listing each
one one by one.

2) even when I do list one of the directories in postinst, it doesn't work,
with the dpkg-statoverride command in postinst complaining:

  Setting up mirrormagic (2.0.0-1) ...
  warning: --update given but /var/lib/games/mirrormagic does not exist
  warning: --update given but /var/lib/games/mirrormagic/scores does not exist

The directories *do* exist, by the way (and I don't get this message with
/usr/games/mirrormagic, the executable file).  Needless to say, the
respective directories end up without mode g+rws, and therefore highscores
are lost.

Does this all mean that dpkg-statoverride is complete crap, or that my usage
of it is crap, or that it is simply intended only to handle setuid for
executable files, not setgid for directories (contrary to the man page which
says it does handle directories)?

Drew

-- 
PGP public key available at http://dparsons.webjump.com/drewskey.txt
Fingerprint: A110 EAE1 D7D2 8076 5FE0  EC0A B6CE 7041 6412 4E4A

Reply to:

Follow-Ups:
- Re: dpkg-statoverride sucks
  - From: Matt Zimmerman <mdz@debian.org>
- Re: dpkg-statoverride sucks
  - From: Julian Gilbey <J.D.Gilbey@qmw.ac.uk>

References:
- ITP bug closing
  - From: "Gustavo Noronha Silva \(KoV\)" <dockov@zaz.com.br>
- Re: ITP bug closing
  - From: Martin Michlmayr <tbm@cyrius.com>
- Re: ITP bug closing
  - From: Hamish Moffatt <hamish@debian.org>
- Re: ITP bug closing
  - From: "Gustavo Noronha Silva \(KoV\)" <dockov@zaz.com.br>
- Re: ITP bug closing
  - From: Martin Michlmayr <tbm@cyrius.com>
- Re: ITP bug closing
  - From: Julian Gilbey <J.D.Gilbey@qmw.ac.uk>

Prev by Date: Re: dh_suidregisted and potato/sid packages
Next by Date: Re: dpkg-statoverride sucks
Previous by thread: Re: ITP bug closing
Next by thread: Re: dpkg-statoverride sucks
Index(es):
- Date
- Thread