Bug#332264: tex-common: permission-handling of ls-R files is one-way

[Norbert Preining <preining@logic.at>]

Hi Frank!

On Don, 06 Okt 2005, Frank Küster wrote:
> of debconf ("debconf is not a registry").

Ok, you are right.

> alternative suggestion in pseudocode:
> 
> config
> ======
> 
> do ls-R files exist? If yes:
> 
> - get permissions and ownership of ls-R files for /var/cache/fonts,
>   /var/lib/texmf and /usr/share/texmf
> 
> - sort these files into "664files" and "644files"
> 
> - check which files are in 664files, and db_set managedlsr to these
>   files 
> 
> - db_input managedlsr, i.e. ask the question which files should be
>   group-writeable.  Rephrase the question so that it asks about
>   "writeable by *their* group".
> 
> - db_get managedlsr and change 664files to be the new selection
> 
> - for(664files){
>     # (we don't care about the owner at all, we only handle group
>     # permissions) 
>     If SameGroup then {
>         # in this case, we ask for group ownership and eventually change it
>         CommonGroup=Group(664files)
>         }
>     else {
>         # in this case, we don't ask about or touch group ownership
>         CommonGroup=""
>         }
>   }
> 
> - db_set groupname Commongroup
>   # i.e. it gets empty when they have not the same group
> 
> - If [ -n Commongroup ] then {
>      # at this place, we could *maybe* introduce a new default.  I'm unsure.
>      db_input groupname 
>      }


config.in implementation proposal, please comment:
#
# first we collect those ls-R files which are group writeable in truegwrite
# and those which are not group writeable in falsegwrite
# furthermore we save the respective group and write permission in ${i}group
truegwrite=""
falsegwrite=""
for i in var cache main ; do
    ${i}group=""
    lsr=`select_lsrfile $i`
    if [ -r $lsr ] ; then
        ${i}group=`echo $lsr | awk '{print$4}'`
        if ls -l $lsr | grep -q ^.....w ; then
            $truegwrite="$truegwrite $i"
        else
            $falsegwrite="$falsegwrite $i"
        fi
    fi
done
#
# now we save the list of group writeable ls-R files to
# tex-common/managedlsr
db_set tex-common/managedlsr $truegwrite || true
#
# and ask the user to check if this selection is ok
db_input low tex-common/managedlsr || true
db_go

#
# get the answer of the users, ie what files should really be group
# writeable
db_get tex-common/managedlsr && SELECTED_LSR="$RET"
if [ -n "$SELECTED_LSR" ]; then
    maybe_move_answer_and_delete groupname
    maybe_move_answer_and_delete groupperm
    maybe_move_answer_and_delete userperm
    #
    # we check wether all the group writeable files belong to the same group
    # if yes, we suggest this group and ask the groupname question,
    # otherwise we ignore this and do *not* play around with groups.
    iscommongroup=-1
    for i in $SELECTED_LSR ; do
      if [ "X$iscommongroup" = "X-1" ] ; then
         iscommongroup=${i}group
      else
         if [ ! ${i}group = $iscommongroup ] ; then
            iscommongroup = ""
         fi
      fi
    done
    db_set tex-common/groupname "$iscommongroup" || true
    if [ -n $iscommongroup ] ; then
      db_input low tex-common/groupname || true
      db_go
    fi
fi
#
# we do not care for user permissions in this setting!
#

Please note that we do not care for user permissions ATM, this way.

> postinst
> ========
> 
> - 664files="$RET of db_get managedlsr", 644files=allfiles NOT 664files
> 
> - for(664files) {chmod g+w}
>   for(644files) {chmod g-w}
> 
> - groupname="$RET of db_get groupname"
> 
> - If [ -n groupname ] then { for(664files) {chown :groupname}} (else nothing)

postinst.in implementation proposal, please comment:

    db_get tex-common/managedlsr || true
    if [ -n "$RET" ] ; then
      falsegwritefiles=""
      MANAGEDLSR="$RET"
      for i in var cache main ; do
          if echo $MANAGEDLSR | grep -q $i ; then
              :
          else
              $falsegwritefiles="$falsegwritefiles $i"
          fi
      done
      for i in $MANAGEDLSR ; do
          lsr=`select_lsrfile $i`
          chmod g+w $lsr
      done
      for i in $falsegwritefiles ; do
          lsr=`select_lsrfile $i`
          chmod g-w $lsr
      done
      db_get tex-common/groupname || true
      LSRGROUP="$RET"
      if [ -n $LSRGROUP ] ; then
        for i in $MANAGEDLSR ; do
            lsr=`select_lsrfile $i`
            chgrp -v $LSRGROUP $lsr 2>/dev/null | fgrep changed || true
        done
      fi
    else
      echo "Fixing permissions of ls-R files ..."
      chmod -v 644 $LSRS 2>/dev/null | fgrep changed || true
    fi


Here it is not clear what we should do at the end, when NO group file is
selected, ie the last else clause. Probably we shouldn't touch anything
at all!


Best wishes and good night

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining AT logic DOT at>             Università di Siena
sip:preining@at43.tuwien.ac.at                             +43 (0) 59966-690018
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
CORRIEVORRIE (n.)
Corridor etiquette demands that one a corriedoo (q.v.) has been
declared, corrievorrie must be employed. Both protagonists must now
embellish their approach with an embarrassing combination of waving,
grinning, making idiot faces, doing pirate impressions, and waggling
the head from side to side while holding the other person's eyes as
the smile drips off their face, until with great relief, they pass
each other.
			--- Douglas Adams, The Meaning of Liff