Bug 929017

Summary:	net-wireless/bluez: Ebuild creates /etc/bluetooth with 0755, but bluetooth.service wants 0555.
Product:	Gentoo Linux	Reporter:	Matthias Nagel <matthias.nagel>
Component:	Current packages	Assignee:	Pacho Ramos <pacho>
Status:	UNCONFIRMED ---
Severity:	minor	CC:	dev-portage, pacho, zmedico
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://github.com/bluez/bluez/issues/414
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:	141619
Bug Blocks:

Description Matthias Nagel 2024-04-09 17:25:21 UTC

Emerging the package net-wireless/bluez create the directory /etc/bluetooth with permission 0755. The service file /usr/lib/systemd/system/bluetooth.service contains the directive ConfigurationDirectoryMode=0555. As the directory has already been create with a different permission mask, systemd does not alter it when the service is started, but logs the message

bluetooth.service: ConfigurationDirectory 'bluetooth' already exists but the mode is different. (File system: 755 ConfigurationDirectoryMode: 555)

at the severity level "warning".

Either the service file should be fixed (such that 0755 is acceptable) or the ebuild script should be fixed to set permissions to 0555.

Reproducible: Always

Steps to Reproduce:
1. Emerge net-wireless/bluez
2. Start service, e.g. systemctl start bluetooth.service
3. Look out for warning message in system log
Actual Results:  
A unnecessary warning is logged.

Expected Results:  
No warning should be logged.

Comment 1 Pacho Ramos gentoo-dev

2024-04-18 17:36:59 UTC

I have tried to set 555 mode via fperms / insopts... but at the end it stays as 755. Is there any restriction applied by portage to apply 555 mode? (it is true that, to me, it looks a bit stupid as root can still play with the files as with 755)

Comment 2 Mike Gilbert gentoo-dev

2024-04-18 17:47:37 UTC

Portage never adjusts the permissions on directories once they have already been created.

To update the permissions for existing installations, you will need to call chmod from pkg_postinst.

Really though, that mode makes no sense and should just be removed from the service file to allow the default of 0755 to be used.

Comment 3 Pacho Ramos gentoo-dev

2024-04-22 15:16:56 UTC

(In reply to Mike Gilbert from comment #2)
[...]
> Really though, that mode makes no sense and should just be removed from the
> service file to allow the default of 0755 to be used.

I agree with you, but looking to other distributions, it seemed to me that they failed to convince upstream to stop trying to enforce 0555 :S, we will probably need to carry the change downstream forever then :/

Comment 4 Mike Gilbert gentoo-dev

2024-04-22 15:58:38 UTC

So it turns out that the upstream build system actually creates $(DESTDIR)/etc/bluetooth with the 0755 mode.

There's a hack in Makefile.am that is intended to "correct" the permissions to 0555, but that hack fails because it is calling "install -dm555" after the directory already exists.

> bluetoothd-fix-permissions:
>         install -dm555 $(DESTDIR)$(confdir)
>         install -dm700 $(DESTDIR)$(statedir)

It should call "chmod 555" instead.

To fix this in the ebuild, you could call fperms 0555 /etc/bluetooth at the end of the install phase. That will resolve the issue for fresh installs.

For existing installs, I would suggest you ignore the warning and let users adjust the mode manually if they so desire. The alternative is to call chmod in pkg_postinst, but that could possibly override any permissions set manually by the sysadmin.

Some other notes:

The ebuild is calling keepdir /etc/bluetooth for no apparent reason. You don't need keepdir if you are installing files under the directory.

Also, the build system seems to install files into /etc/bluetooth already, so the manual installation of those same files by the ebuild seems redundant. You should probably look into that.