Emerging the package net-wireless/bluez create the directory /etc/bluetooth with permission 0755. The service file /usr/lib/systemd/system/bluetooth.service contains the directive ConfigurationDirectoryMode=0555. As the directory has already been create with a different permission mask, systemd does not alter it when the service is started, but logs the message bluetooth.service: ConfigurationDirectory 'bluetooth' already exists but the mode is different. (File system: 755 ConfigurationDirectoryMode: 555) at the severity level "warning". Either the service file should be fixed (such that 0755 is acceptable) or the ebuild script should be fixed to set permissions to 0555. Reproducible: Always Steps to Reproduce: 1. Emerge net-wireless/bluez 2. Start service, e.g. systemctl start bluetooth.service 3. Look out for warning message in system log Actual Results: A unnecessary warning is logged. Expected Results: No warning should be logged.
I have tried to set 555 mode via fperms / insopts... but at the end it stays as 755. Is there any restriction applied by portage to apply 555 mode? (it is true that, to me, it looks a bit stupid as root can still play with the files as with 755)
Portage never adjusts the permissions on directories once they have already been created. To update the permissions for existing installations, you will need to call chmod from pkg_postinst. Really though, that mode makes no sense and should just be removed from the service file to allow the default of 0755 to be used.
(In reply to Mike Gilbert from comment #2) [...] > Really though, that mode makes no sense and should just be removed from the > service file to allow the default of 0755 to be used. I agree with you, but looking to other distributions, it seemed to me that they failed to convince upstream to stop trying to enforce 0555 :S, we will probably need to carry the change downstream forever then :/
So it turns out that the upstream build system actually creates $(DESTDIR)/etc/bluetooth with the 0755 mode. There's a hack in Makefile.am that is intended to "correct" the permissions to 0555, but that hack fails because it is calling "install -dm555" after the directory already exists. > bluetoothd-fix-permissions: > install -dm555 $(DESTDIR)$(confdir) > install -dm700 $(DESTDIR)$(statedir) It should call "chmod 555" instead. To fix this in the ebuild, you could call fperms 0555 /etc/bluetooth at the end of the install phase. That will resolve the issue for fresh installs. For existing installs, I would suggest you ignore the warning and let users adjust the mode manually if they so desire. The alternative is to call chmod in pkg_postinst, but that could possibly override any permissions set manually by the sysadmin. Some other notes: The ebuild is calling keepdir /etc/bluetooth for no apparent reason. You don't need keepdir if you are installing files under the directory. Also, the build system seems to install files into /etc/bluetooth already, so the manual installation of those same files by the ebuild seems redundant. You should probably look into that.