Re: Bug#352394: tex-common: permission scheme for /var/cache/fonts
Norbert Preining <preining@logic.at> wrote:
> On Mon, 13 Feb 2006, Frank Küster wrote:
>> If we do this, why not drop any special handling of TEXMFMAIN and
>> TEXMFVAR completely? Local admins with special needs can always use
>> dpkg-statoverride.
>
> Proposal:
I generally agree, but as usual have some remarks ;-)
> # and unregister old tex-common questions, they are not needed anymore
> db_unregister tex-common/groupperm || true
> db_unregister tex-common/userperm || true
> db_unregister tex-common/managedlsr || true
>
>
> # there was a bug in 0.9 that caused debconf answers to have no effect:
> # reset the seen flag
> if [ "$installed_version" = 0.9 ]; then
> db_fset tex-common/managecache seen false || true
> db_fset tex-common/groupname seen false || true
> fi
managecache is new, so why do we need to reset this?
> # this script may be run twice: Once by dpkg-preconfigure, once again by
> # debconf when it is sourced in the postinst script. We must do the
> # following only once, therefore we fiddle with a special flag
> db_fget tex-common/managecache firstpass || true
While we're at it, we might consider renaming that flag. Its name is a
bit confusing because of the following check:
> if [ "$RET" != "true" ]; then
> # we are in the first pass, set the flag and do the things
In words: If "firstpass" is not true, then we are in the first pass.
> db_fset tex-common/managecache firstpass true
>
> # check whether the directory /var/cache/fonts is group writeable and
> # for which group
> PERMS=$(stat --format="%a" /var/cache/fonts)
> GROUP=$(stat --format="%G" /var/cache/fonts)
Thanks - yesterday evening I was looking for stat, but it somehow
escaped the conscious parts of my brain...
> postinst part:
> db_get tex-common/managecache || true
> if [ "$RET" = true ] ; then
> db_get tex-common/groupname || true
> GROUP="$RET"
> if [ -n "$GROUP" ] ; then
> for i in /var/cache/fonts /var/cache/fonts/pk /var/cache/fonts/tfm /var/cache/fonts/source ; do
> chmod 02775 $i
> chown "root.$GROUP" $i
Use 'chown "root:$GROUP"'; the dot is allowed in user and group names in
this millennium.
> much simpler and nice.
Indeed.
> Only thing we should think about is the part in the postinst part: Do we
> want to recursively change *all* directories (there could be some old
> ones present) to 02755? I.e.
> find /var/cache/fonts -type d -exec chmod 02755 '{}' \;
> instead of the for i in ... construct ...
I currently don't see a use case where one would only want the top
directories to be setgid-group-writable, but not lower ones.
By the way, should we also (ask whether we should) set the sticky bit on
the directories?
Regards, Frank
--
Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX)
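
The permission handling discussed in this thread (setgid, group-writable directories applied recursively with find, the `root:$GROUP` colon form, and the optional sticky bit), as an added example that is not part of the original mail or of tex-common. The function names `apply_cache_perms` and `audit_cache_perms`, their parameters, and the scratch tree are assumptions; mode 02775 is taken from the quoted postinst loop.

```shell
#!/bin/sh
# Added example; names and parameters are assumptions, not tex-common code.

# apply_cache_perms ROOT OWNER GROUP [sticky]
# Give every directory below ROOT the owner/group and mode 02775 (setgid,
# group-writable), or 03775 when the fourth argument is "sticky".
apply_cache_perms() {
    root=$1 owner=$2 group=$3 mode=02775
    [ "${4:-}" = sticky ] && mode=03775
    # Refuse a missing root or one that has been replaced by a symlink.
    [ -d "$root" ] && [ ! -L "$root" ] || return 1
    # find does not follow symlinks by default, so -type d matches real
    # directories only; a symlink placed in the writable tree is skipped.
    find "$root" -type d -exec chown "$owner:$group" '{}' + \
                         -exec chmod "$mode" '{}' +
}

# audit_cache_perms ROOT GROUP MODE
# Print each directory whose octal mode or group (name or gid) differs from
# the expected values; prints nothing when the tree is consistent.
audit_cache_perms() {
    find "$1" -type d -exec stat -c '%a %g %G %n' '{}' + |
    while read -r perms gid gname path; do
        [ "$perms" = "$3" ] && { [ "$gid" = "$2" ] || [ "$gname" = "$2" ]; } ||
            printf '%s\n' "$path"
    done
}

# Constructed demo on a scratch tree with the caller's own uid/gid so it runs
# unprivileged; a postinst would pass root and the group chosen via debconf.
demo=$(mktemp -d)
mkdir -p "$demo/pk/stale" "$demo/tfm"
chmod 0700 "$demo/pk/stale"
apply_cache_perms "$demo" "$(id -u)" "$(id -g)"
audit_cache_perms "$demo" "$(id -g)" 2775   # prints nothing
rm -rf "$demo"
```

With the sticky bit set (03775), group members can still create files in the directories but can only remove or rename files they own.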