Re: post-install ownership on binaries

To: Steven Bellovin <smb%cs.columbia.edu@localhost>, Filip Hajny <filip%joyent.com@localhost>
Subject: Re: post-install ownership on binaries
From: jnemeth%victoria.tc.ca@localhost (John Nemeth)
Date: Wed, 20 May 2009 01:02:55 -0700

On Oct 10,  3:06am, Steven Bellovin wrote:
} On Tue, 19 May 2009 17:53:55 +0200
} Filip Hajny <filip%joyent.com@localhost> wrote:
} 
} > is there a way to have pkg_add automatically set desired ownership
} > on binaries right after installing from a binary package? I'm
} > hitting this problem with Postfix - I guess since the changeover of  
} > pkg_install. Both postdrop and postqueue need to be
} > postfix:maildrop, and while I see this ownership inside the binary
} > package tarball, they get re-set to root:root after installing. I
} > know the fix is 'postfix set-permissions' away, but it would be nice
} > if the correct ownership were auto-set right away.
} > 
} > Am I missing something?
} 
} Try adding a post-install rule in the pkgsrc Makefile to run
} set-permissions, perhaps.  (I haven't tried this.)

     Don't bother, since it is very much the WRONG thing to do, and
this is very bad advice.  This idea may set the permissions on the file
in the tarball which they already are as per the OP, but it won't do
anything to a binary package install.  For that, you need SPECIAL_PERMS:

P4-3679GHz: {34} wtf SPECIAL_PERMS
SPECIAL_PERMS: ===> mk/pkginstall/bsd.pkginstall.mk (keywords: st_mode 
SETGID_GAMES_PERMS setgid SETUID_ROOT_PERMS setuid perms SPECIAL_PERMS):
# SPECIAL_PERMS are lists that look like:
#               file user group mode
#       At post-install time, file (it may be a directory) is changed to be
#       owned by user:group with mode permissions.  If a file pathname
#       is relative, then it is taken to be relative to ${PREFIX}.
#
# SPECIAL_PERMS should be used primarily to change permissions of files or
# directories listed in the PLIST.  This may be used to make certain files
# set-uid or to change the ownership or a directory.
#
# SETUID_ROOT_PERMS is a convenience definition to note an executable is
# meant to be setuid-root, and should be used as follows:
#
#       SPECIAL_PERMS+= /path/to/suidroot ${SETUID_ROOT_PERMS}
#
# SETGID_GAMES_PERMS is a convenience definition to note an executable is
# meant to be setgid-game, and should be used as follows:
#
#       SPECIAL_PERMS+= /path/to/sgidgame ${SETGID_GAMES_PERMS}
#
SPECIAL_PERMS?=         # empty
SETUID_ROOT_PERMS?=     ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4511
SETGID_GAMES_PERMS?=    ${GAMES_USER} ${GAMES_GROUP} ${GAMEMODE}

}-- End of excerpt from Steven Bellovin

References:
- Re: post-install ownership on binaries
  - From: Steven Bellovin

Prev by Date: Re: post-install ownership on binaries
Next by Date: Mesa 7.4.2 and xserver 1.6.1.901
Previous by Thread: Re: post-install ownership on binaries
Next by Thread: Re: post-install ownership on binaries
Indexes:

Home | Main Index | Thread Index | Old Index