Bug 396153

Summary:	persistent administrative override of file and directory permissions (like dpkg-statoverride)
Product:	Gentoo Hosted Projects	Reporter:	Zac Medico <zmedico>
Component:	PMS/EAPI	Assignee:	PMS/EAPI <pms>
Status:	CONFIRMED ---
Severity:	normal	CC:	blueness, gabifalk, mk, mrueg
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	All
URL:	http://www.debian.org/doc/debian-policy/ch-files.html#s10.9.1
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=607430 https://bugs.gentoo.org/show_bug.cgi?id=654138
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	193766

Description Zac Medico gentoo-dev

2011-12-27 01:23:20 UTC

Package managers should allow administrators to override permissions of files in a way that persists through upgrades. For example, this can be accomplished using an approach similar to Debian's dpkg-statoverride tool.

Comment 1 Zac Medico gentoo-dev

2011-12-27 01:24:45 UTC

*** Bug 141619 has been marked as a duplicate of this bug. ***

Comment 2 Zac Medico gentoo-dev

2011-12-27 01:30:02 UTC

*** Bug 151778 has been marked as a duplicate of this bug. ***

Comment 3 Maxim Kammerer 2012-07-08 21:21:21 UTC

I think that this bug's importance should be raised. Consider, for instance, net-misc/tor:

    pkg_setup() {
        enewgroup tor
        enewuser tor -1 -1 /var/lib/tor tor
    }

    src_install() {
        ...
        fperms 750 /var/lib/tor
        fowners tor:tor /var/lib/tor
        ...
    }

The intent is clearly that /var/lib/tor is only readable by user "tor". However:

    drwxr-xr-x 2 tor root 88 Jun 16 01:07 /var/lib/tor

Specifically for net-misc/tor, this is not a serious issue (Tor daemon apparently sets umask to 077 for new files and directories), but it might be for other packages. I had to resolve to, e.g.:

    pkg_setup() {
        enewgroup i2p
        enewuser  i2p -1 -1 /var/lib/i2p i2p
        rmdir /var/lib/i2p 2>/dev/null || :
    }

in order to enforce directory permissions for a similar package.

Comment 4 SpanKY gentoo-dev

2012-07-21 17:26:36 UTC

(In reply to comment #3)

i don't really understand your example.  if /var/lib/tor doesn't exist, then when the dir gets merged, it'll start with 750 perms.  how did it get 755 ?

also, be aware that you cannot rely on the tree state that an ebuild sets up in /var/{lib,cache,run} since that might get removed manually by an admin.  so init.d scripts have to use `checkpath` to make sure they're available.

Comment 5 Maxim Kammerer 2012-07-21 18:20:20 UTC

(In reply to comment #4)
> i don't really understand your example.  if /var/lib/tor doesn't exist, then
> when the dir gets merged, it'll start with 750 perms.  how did it get 755 ?

But /var/lib/tor already exists before src_install() -- it is created by enewuser in pkg_setup().

> also, be aware that you cannot rely on the tree state that an ebuild sets up
> in /var/{lib,cache,run} since that might get removed manually by an admin. 
> so init.d scripts have to use `checkpath` to make sure they're available.

I am aware of /var/run (filed a few bugs for bug #332633 myself), and /var/cache case is kind of obvious, but /var/lib? It seems to me that if one starts arbitrary removing stuff in /var/lib in Gentoo, the system will break...