
Re: Bug#352394: tex-common: permission scheme for /var/cache/fonts



Norbert Preining <preining@logic.at> wrote:

> On Mon, 13 Feb 2006, Frank Küster wrote:
>> If we do this, why not drop any special handling of TEXMFMAIN and
>> TEXMFVAR completely?  Local admins with special needs can always use
>> dpkg-statoverride. 
>
> Proposal:

I generally agree, but as usual have some remarks ;-)

> # and unregister old tex-common questions, they are not needed anymore
> db_unregister tex-common/groupperm || true
> db_unregister tex-common/userperm || true
> db_unregister tex-common/managedlsr || true
>
>
> # there was a bug in 0.9 that caused debconf answers to have no effect:
> # reset the seen flag
> if [ "$installed_version" = 0.9 ]; then
>   db_fset tex-common/managecache seen false || true
>   db_fset tex-common/groupname seen false || true
> fi

managecache is new, so why do we need to reset this?

> # this script may be run twice: Once by dpkg-preconfigure, once again by
> # debconf when it is sourced in the postinst script.  We must do the
> # following only once, therefore we fiddle with a special flag
> db_fget tex-common/managecache firstpass || true

While we're at it, we might consider renaming that flag.  Its name is a
bit confusing because of the following check:

> if [ "$RET" != "true" ]; then
>   # we are in the first pass, set the flag and do the things

In words:  If "firstpass" is not true, then we are in the first pass.

>   db_fset tex-common/managecache firstpass true
>
>   # check whether the directory /var/cache/fonts is group writeable and
>   # for which group
>   PERMS=$(stat --format="%a" /var/cache/fonts)
>   GROUP=$(stat --format="%G" /var/cache/fonts)

Thanks - yesterday evening I was looking for stat, but it somehow
escaped the conscious parts of my brain...

> postinst part:
>     db_get tex-common/managecache || true
>     if [ "$RET" = true ] ; then
>       db_get tex-common/groupname || true
>       GROUP="$RET"
>       if [ -n "$GROUP" ] ; then
>         for i in /var/cache/fonts /var/cache/fonts/pk /var/cache/fonts/tfm /var/cache/fonts/source ; do
>           chmod 02775 $i
>           chown "root.$GROUP" $i

use 'chown "root:$GROUP"', the dot is allowed in user and group names in
this millennium.

> much simpler and nice.

Indeed.

> Only thing we should think about is the part in the postinst part: Do we
> want to recursively change *all* directories (there could be some old
> ones present) to 02755? I.e.
> 	find /var/cache/fonts -type d -exec chmod 02755 '{}' \;
> instead of the for i in ... construct ...

I currently don't see a use case where one would only want the top
directories to be setgid-group-writable, but not lower ones.

By the way, should we also (ask whether we should) set the sticky bit on
the directories?

Regards, Frank
-- 
Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX)
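
An added example, not part of the original message or of tex-common: a small audit that reports which directories under a cache tree deviate from the scheme discussed above (one group, setgid, group-writable) and flags world-writable directories that lack the sticky bit. The function names, output format and demo tree are assumptions made for this sketch; it relies on GNU stat, as the quoted config script does.

```shell
#!/bin/sh
# audit_cache_dirs ROOT GROUP: print one line per directory under ROOT that
# deviates from the scheme in the thread (group GROUP, setgid, group-writable).
# Hypothetical helper for illustration; runs in a subshell so cwd is untouched.
audit_cache_dirs() (
    cd "$1" || exit 1
    find . -type d | LC_ALL=C sort | while IFS= read -r dir; do
        group=$(stat --format='%G' "$dir")
        # %a prints e.g. 755 or 2775; pad so the special-bits digit exists.
        mode=$(printf '%04d' "$(stat --format='%a' "$dir")")
        special=${mode%???}                     # setuid/setgid/sticky digit
        grp=$(printf '%s' "$mode" | cut -c3)    # group rwx digit
        oth=$(printf '%s' "$mode" | cut -c4)    # other rwx digit
        [ "$group" = "$2" ]         || echo "$dir: group is $group"
        [ $(($special & 2)) -ne 0 ] || echo "$dir: setgid bit missing"
        [ $(($grp & 2)) -ne 0 ]     || echo "$dir: not group-writable"
        # Without the sticky bit, anyone who can write the directory can
        # delete or rename files that belong to other users.
        if [ $(($oth & 2)) -ne 0 ] && [ $(($special & 1)) -eq 0 ]; then
            echo "$dir: world-writable without sticky bit"
        fi
    done
)

# Constructed demo tree: an "old" subdirectory exists before the top-level
# directories get 02775, so it keeps its plain 0755 mode (the case the
# recursive find variant in the thread is meant to cover).
demo_tree() {
    t=$(mktemp -d) && mkdir -p "$t/pk/old"
    chmod u=rwx,go=rx,g-s "$t" "$t/pk" "$t/pk/old"
    chmod 02775 "$t" "$t/pk"                    # top-level directories only
    echo "$t"
}

t=$(demo_tree)
audit_cache_dirs "$t" "$(stat --format='%G' "$t")"
rm -rf "$t"
```

Run against the real cache as `audit_cache_dirs /var/cache/fonts GROUPNAME`; no output means every directory matches the scheme.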


