On Tue, Jul 27, 2010 at 03:47:48PM -0500, Matt Zagrabelny wrote:
> On Tue, Jul 27, 2010 at 3:26 PM, Chris Baines <firstname.lastname@example.org> wrote:
> > On Wed, 2010-07-28 at 05:52 +1000, Matthew Palmer wrote:
> >> On Tue, Jul 27, 2010 at 10:03:42AM -0500, Matt Zagrabelny wrote:
> >> > On Tue, Jul 27, 2010 at 6:53 AM, Chris Baines <email@example.com> wrote:
> >> > > Hello Mentors,
> >> > >
> >> > > I am looking at creating packages that involve programs that create
> >> > > caches while running of images or other files. But I am a bit stumped at
> >> > > what to do with the files they create, both where they are meant to go
> >> > > and with what permissions.
> >> >
> >> > one of these two, I would wager:
> >> >
> >> > /var/cache/
> >> > /var/lib
> >>
> >> Scratch /var/lib from that list. If the data can be recreated from another
> >> source, then it's cache data and should *not* live in /var/lib.
> >>
> >> > As for the permissions
> >> >
> >> > root:root 644
> >>
> >> If the files are created by root-owned processes, sure. It kinda smells
> >> like this is going to be done by a user-run process, which means you won't
> >> be able to apply that ownership. You will probably have to revert to
> >> per-user data stored in the homedir, unless you want to start stuffing
> >> around with suid wrappers or some such.
> >>
> >> - Matt
> >>
> >
> > Yes, the programs are run with user level permissions. While per user
> > data would be a solution I don't want to use it just to make this
> > easier. Are there any packages that deal with these problems?
>
> You could create a group and then do something like:
>
> addgroup newpackage
> mkdir /var/cache/newpackage
> chown root:newpackage /var/cache/newpackage
> chmod 775 /var/cache/newpackage
>
> New users who would use this package would need to be added to said group:
>
> adduser joeuser newpackage

Or, of course, you could go the /var/mail and /dev/ptmx route:

addgroup newpackage
install -d -o root -g newpackage -m 775 /var/cache/newpackage
install -o root -g newpackage -m 2755 program /usr/bin/program

The only drawback would come if this is not about a program, but, say,
a library - in that case, either every program using that library would
need to be setgid (ugh!), or you could go the "grantpty" way and make
a little setgid helper program to manipulate the cache files and let
the library execute that program... and hope that the program using
the library is not threaded or anything.

But if this is about a program (or a suite of programs) manipulating
the cache, then I personally would prefer that way.

G'luck,
Peter

-- 
Peter Pentchev firstname.lastname@example.org email@example.com roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
Thit sentence is not self-referential because "thit" is not a word.
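
Added example, not part of Peter's message or of any package discussed in the thread: a sketch in C of the small setgid helper he describes, which opens one cache entry with the group privilege and then gives that privilege up before touching user-supplied data. It assumes the /var/cache/newpackage directory from the thread; the function names (cache_name_ok, cache_open, drop_group), the 64-character limit and the allowed character set are hypothetical choices made for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CACHE_DIR "/var/cache/newpackage" /* directory from the thread */

/* Hypothetical policy: one path component, conservative characters only. */
int cache_name_ok(const char *name)
{
    size_t n = strlen(name);
    if (n == 0 || n > 64 || name[0] == '.')
        return 0;
    return strspn(name, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                        "0123456789._-") == n;
}

/* Open one cache entry relative to dirfd; refuse to follow a symlink. */
int cache_open(int dirfd, const char *name)
{
    if (!cache_name_ok(name)) { errno = EINVAL; return -1; }
    return openat(dirfd, name,
                  O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0664);
}

/* Give up the setgid group for good: real, effective and saved gid. */
int drop_group(void)
{
    gid_t rgid = getgid();
    return (setregid(rgid, rgid) == 0 && getegid() == rgid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) return 2;
    int dirfd = open(CACHE_DIR, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int fd = dirfd < 0 ? -1 : cache_open(dirfd, argv[1]);
    if (drop_group() != 0 || fd < 0) /* privilege is dropped before any I/O */
        return 1;
    char buf[4096]; ssize_t r;
    while ((r = read(STDIN_FILENO, buf, sizeof buf)) > 0)
        if (write(fd, buf, (size_t)r) != r)
            return 1;
    return r < 0;
}
```

Installed with the mode 2755 and group shown in the message, the helper holds the newpackage group only long enough to obtain the file descriptor; the copy loop runs with the caller's own gid.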