Package: request-tracker4
Version: 4.0.18-1~bpo70+1
Severity: normal
Tags:
I noticed that the Debian packages install the mason cache file directories
with a forced group of root.
Given the ./configure that the package uses, a 'normal' RT that is configured
with:
./configure \
--with-web-user=www-data \
--with-web-group=www-data \
would have an install target set of permissions of
root@debian-rt:~# ls -ld /opt/rt4/var
drwxr-xr-x 5 root root 4096 Jan 31 13:57 /opt/rt4/var
root@debian-rt:~# ls -ld /opt/rt4/var/mason_data
drwxrwx--- 5 www-data www-data 4096 Jan 31 13:57 /opt/rt4/var/mason_data
Debian packages install with (modifying for layout)
root@debian-rt:~# ls -ld /var/cache/request-tracker4/
drwxr-s--- 4 www-data root 4096 Jan 31 12:15 /var/cache/request-tracker4/
root@debian-rt:~# ls -ld /var/cache/request-tracker4/mason_data/
drwxr-s--- 5 www-data root 4096 Jan 31 12:15
/var/cache/request-tracker4/mason_data/
In particular, this hurts because you can't run an external process (such as an
external fcgi daemon, or standalone server to be proxied) without the daemon
being run *as* www-data. With more standard permissions, you can run as
www-other who is a member of the www-data group and have it work.
I have a separate patch I'll file that makes /etc/init.d/rt4-fcgi support this,
but since it requires permissions changes, I wanted to know if anyone remembers
*why* Debian does this in request-tracker4/debian/rules
find $(RT_PKG)/var/cache/$(RT)/ -type d -print0 | xargs --null chown
www-data:root
find $(RT_PKG)/var/cache/$(RT)/ -type d -print0 | xargs --null chmod
2750
The sticky bit in the second command is actually nice, but restricting who can
write to the mason cache really strangles any of the advanced RT configurations
available.
Git and Svn history didn't provide any useful history for this.
-- Package-specific info:
Changed files:
-- System Information:
Debian Release: 7.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages request-tracker4 depends on:
ii dbconfig-common 1.8.47+nmu1
ii debconf [debconf-2.0] 1.5.49
ii exim4 4.80-7
ii exim4-daemon-light [mail-transport-agent] 4.80-7
ii fonts-droid 20111207+git-1
ii libapache-session-perl 1.89-1
ii libcache-simple-timedexpiry-perl 0.27-2
ii libcgi-emulate-psgi-perl 0.14-1
ii libcgi-psgi-perl 0.15-1
ii libclass-accessor-perl 0.34-1
ii libclass-returnvalue-perl 0.55-1
ii libconvert-color-perl 0.08-1
ii libcss-squish-perl 0.09-1
ii libdata-ical-perl 0.18+dfsg-1
ii libdatetime-locale-perl 1:0.45-1
ii libdatetime-perl 2:0.7500-1
ii libdbi-perl 1.622-1
ii libdbix-searchbuilder-perl 1.62-1
ii libdevel-globaldestruction-perl 0.06-1
ii libdevel-stacktrace-perl 1.2700-1
ii libemail-address-perl 1.895-1
ii libfcgi-procmanager-perl 0.24-1
ii libfile-sharedir-perl 1.00-0.1
ii libgd-graph-perl 1.44-6
ii libgd-text-perl 0.86-8
ii libgnupg-interface-perl 0.45-1
ii libgraphviz-perl 2.10-1
ii libhtml-format-perl 2.10-1
ii libhtml-mason-perl 1:1.48-1
ii libhtml-mason-psgihandler-perl 0.52-1
ii libhtml-quoted-perl 0.03-1
ii libhtml-rewriteattributes-perl 0.05-1~bpo70+1
ii libhtml-scrubber-perl 0.09-1
ii libhtml-tree-perl 5.02-1
ii libipc-run-perl 0.92-1
ii libipc-run3-perl 0.045-1
ii libjson-perl 2.53-1
ii liblist-moreutils-perl 0.33-1+b1
ii liblocale-maketext-fuzzy-perl 0.11-1
ii liblocale-maketext-lexicon-perl 0.91-1
ii liblog-dispatch-perl 2.32-1
ii libmailtools-perl 2.09-1
ii libmime-tools-perl [libmime-perl] 5.503-1
ii libmime-types-perl 1.35-1
ii libmodule-versions-report-perl 1.06-1
ii libnet-cidr-perl 0.15-1
ii libperlio-eol-perl 0.14-1+b3
ii libplack-perl 0.9989-1
ii libregexp-common-net-cidr-perl 0.02-1
ii libregexp-common-perl 2011121001-1
ii libregexp-ipv6-perl 0.03-1
ii libtext-autoformat-perl 1.669002-1
ii libtext-password-pronounceable-perl 0.30-1
ii libtext-quoted-perl 2.06-1
ii libtext-template-perl 1.45-2
ii libtext-wikiformat-perl 0.79-1
ii libtext-wrapper-perl 1.04-1
ii libtime-modules-perl 2011.0517-1
ii libtimedate-perl 1.2000-1
ii libtree-simple-perl 1.18-1
ii libuniversal-require-perl 0.13-1
ii liburi-perl 1.60-1
ii libxml-rss-perl 1.49-1
ii libxml-simple-perl 2.20-1
ii perl [libencode-perl] 5.14.2-21+deb7u1
ii perl-modules [libfile-temp-perl] 5.14.2-21+deb7u1
ii rsyslog [system-log-daemon] 5.8.11-3
ii rt4-apache2 4.0.18-1~bpo70+1
ii rt4-clients 4.0.18-1~bpo70+1
ii rt4-db-postgresql 4.0.18-1~bpo70+1
ii ucf 3.0025+nmu3
Versions of packages request-tracker4 recommends:
ii cron [cron-daemon] 3.0pl1-124
Versions of packages request-tracker4 suggests:
ii rt4-doc-html 4.0.18-1~bpo70+1
-- debconf information:
request-tracker4/internal/reconfiguring: false
request-tracker4/remote/port:
* request-tracker4/database-type: pgsql
* request-tracker4/dbconfig-install: true
request-tracker4/remove-error: abort
request-tracker4/install-error: abort
* request-tracker4/dbconfig-upgrade: true
* request-tracker4/install-cronjobs: false
* request-tracker4/db/app-user: requesttracker4
request-tracker4/pgsql/no-empty-passwords:
* request-tracker4/webbaseurl: http://debian-rt.local
request-tracker4/upgrade-backup: true
request-tracker4/upgrade-error: abort
request-tracker4/pgsql/manualconf:
* request-tracker4/correspondaddress: rt@debian-rt.local
request-tracker4/internal/skip-preseed: false
request-tracker4/purge: false
request-tracker4/passwords-do-not-match:
request-tracker4/dbconfig-reinstall: false
request-tracker4/mysql/method: unix socket
request-tracker4/mysql/admin-user: root
request-tracker4/missing-db-package-error: abort
* request-tracker4/commentaddress: rt-comment@debian-rt.local
* request-tracker4/handle-siteconfig-permissions: true
request-tracker4/remote/host:
* request-tracker4/webpath: /rt
* request-tracker4/pgsql/method: unix socket
request-tracker4/remote/newhost:
* request-tracker4/dbconfig-remove:
request-tracker4/pgsql/changeconf: false
* request-tracker4/pgsql/authmethod-admin: ident
* request-tracker4/db/dbname: rtdb
request-tracker4/db/basepath:
/var/lib/dbconfig-common/sqlite3/request-tracker4
* request-tracker4/pgsql/authmethod-user: ident
* request-tracker4/rtname: debian-rt
* request-tracker4/organization: debian-rt.local
* request-tracker4/pgsql/admin-user: postgres
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
