Would it make sense to support a recursive checkpath in openrc for init script that let user define random directory like for /etc/init.d/iptables. As of today, if one of the parent directory does not exist, an error is returned : $ rm -rf /tmp/1 $ /lib64/rc/bin/checkpath -v -d /tmp/1/2/3 * /tmp/1/2/3: creating directory * checkpath: mkdir: No such file or directory Reproducible: Always
(In reply to Bertrand Jacquin from comment #0) > Would it make sense to support a recursive checkpath in openrc for init > script that let user define random directory like for /etc/init.d/iptables. The iptables service script has two checkpath commands because they do two different things. checkpath -d deals with a directory, then checkpath -f deals with a file inside the directory. > As of today, if one of the parent directory does not exist, an error is > returned : > > $ rm -rf /tmp/1 > $ /lib64/rc/bin/checkpath -v -d /tmp/1/2/3 > * /tmp/1/2/3: creating directory > * checkpath: mkdir: No such file or directory I would be very concerned about a recursive checkpath, because combining it with mode and permission settings would lead to a possible dangerous situation. How should the ownership and permissions be applied if someone does this? $ rm -rf /tmp/1 $ /lib64/rc/bin/checkpath -m 0755 -o user:group -v -d /tmp/1/2/3
(In reply to William Hubbs from comment #1) > (In reply to Bertrand Jacquin from comment #0) > > Would it make sense to support a recursive checkpath in openrc for init > > script that let user define random directory like for /etc/init.d/iptables. > > The iptables service script has two checkpath commands because they do two > different things. checkpath -d deals with a directory, then checkpath -f > deals with a file inside the directory. > > > As of today, if one of the parent directory does not exist, an error is > > returned : > > > > $ rm -rf /tmp/1 > > $ /lib64/rc/bin/checkpath -v -d /tmp/1/2/3 > > * /tmp/1/2/3: creating directory > > * checkpath: mkdir: No such file or directory > > I would be very concerned about a recursive checkpath, because combining it > with mode and permission settings would lead to a possible dangerous > situation. > > How should the ownership and permissions be applied if someone does this? > > $ rm -rf /tmp/1 > $ /lib64/rc/bin/checkpath -m 0755 -o user:group -v -d /tmp/1/2/3 I understand your concern, but should all created directory have the same permission and owners as the leaf directory ?
(In reply to Bertrand Jacquin from comment #2) > (In reply to William Hubbs from comment #1) > > (In reply to Bertrand Jacquin from comment #0) > > I would be very concerned about a recursive checkpath, because combining it > > with mode and permission settings would lead to a possible dangerous > > situation. > > > > How should the ownership and permissions be applied if someone does this? > > > > $ rm -rf /tmp/1 > > $ /lib64/rc/bin/checkpath -m 0755 -o user:group -v -d /tmp/1/2/3 > > I understand your concern, but should all created directory have the same > permission and owners as the leaf directory ? That's the problem; this could be argued multiple ways depending on the application, the path, and how secure users want their setup to be.
I am marking this wontfix because I'm not comfortable enough with the design of it to move forward. There are ambiguities in how a recursive checkpath would operate that I'm not sure how to resolve. If you want to continue the discussion, feel free to re-open the bug.
