Package: debian-policy

Here's the current text of the latter part of section 10.9.1:

============
Given the above, dpkg-statoverride is essentially a tool for system administrators and would not normally be needed in the maintainer scripts. There is one type of situation, though, where calls to dpkg-statoverride would be needed in the maintainer scripts, and that involves packages which use dynamically allocated user or group ids. In such a situation, something like the following idiom can be very helpful in the package's postinst, where sysuser is a dynamically allocated id:

     for i in /usr/bin/foo /usr/sbin/bar
     do
       if ! dpkg-statoverride --list $i >/dev/null
       then
         dpkg-statoverride --update --add sysuser root 4755 $i
       fi
     done

The corresponding dpkg-statoverride --remove calls can then be made unconditionally when the package is purged.
============

This means that the files are unpacked with whatever permissions were in the package, and are then modified during postinst. In addition, if the sysadmin removes the statoverride entry, the postinst will blindly add it back again later.

So, let's break down what happens a bit:

- dpkg unpacks the files, with their original permissions
- postinst creates a user
- postinst adds a statoverride to change the permissions

The "problem" is that the user doesn't exist until after you unpack the files. Adding a statoverride here is a somewhat strange approach in its own right, ignoring such matters as the period between unpack and configure when permissions/owners are wrong.

I suggest that this sequence would make more sense:

- preinst creates a user
- dpkg unpacks the files

It's easier to understand and doesn't tread on the admin's toes as much. Note that dpkg stores users by name, not by uid.

I propose replacing the above text entirely with this:

============
Given the above, dpkg-statoverride is a tool for system administrators and is not needed in the maintainer scripts.
============

And appending this text to section 10.9:

============
If you want files in a package to be owned by a dynamically allocated user or group, then you should create the user or group in preinst, so that it is present when the package is unpacked.
============

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |
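
An added example, not part of the original message or of Debian Policy: a preinst following the sequence proposed above, so the account exists before dpkg unpacks files owned by it. The name `sysuser` is the placeholder from the quoted idiom; the `ensure_system_user` helper and the `Pre-Depends: adduser` requirement are assumptions of this example.

```shell
#!/bin/sh
# Hypothetical preinst for a package that ships files owned by "sysuser".
# Assumption: the package declares "Pre-Depends: adduser", because preinst
# runs before ordinary Depends are guaranteed to be unpacked.
set -e

SYSUSER=sysuser   # placeholder account name from the quoted policy idiom

# Create the system user and its group only when the account is missing,
# so an account the administrator already created or adjusted is left
# exactly as it is.
ensure_system_user() {
    user=$1
    if getent passwd "$user" >/dev/null; then
        return 0
    fi
    adduser --system --group --no-create-home --quiet "$user"
}

# dpkg calls preinst with "install" or "upgrade" before unpacking; since
# dpkg resolves file owners by name at unpack time, the account has to
# exist by then for the packaged ownership to take effect.
case "${1:-}" in
    install|upgrade)
        ensure_system_user "$SYSUSER"
        ;;
esac
```

With the account created here, the packaged owner and mode apply at unpack time, and any statoverride the administrator sets or removes is never touched by the maintainer scripts.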