tags #361956 - patch
tags #361956 confirmed pending
thanks

On Tue, Apr 11, 2006 at 02:35:09PM +0200, Heiko Schlittermann wrote:
> As stated in the subject -- the postinstall uses unconditionally
> chmod/chown. If the local admin tries to change permissions using
> dpkg-statoverride, these local changes are not respected.

Thanks for spotting this. I have committed the attached patch to svn.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Index: debian/nagios2-common.postrm =================================================================== --- debian/nagios2-common.postrm (revision 888) +++ debian/nagios2-common.postrm (working copy) @@ -1,10 +1,19 @@ #!/bin/sh -e +# some shorthands for sanity +en="/etc/nagios2" +enc="/etc/nagios2/conf.d" +usn="/usr/share/nagios2" + case "$1" in remove) ;; purge) - rm -rf /var/run/nagios2 /var/log/nagios2 /var/lib/nagios2 \ + for file in $en/resource.cfg /var/log/nagios2 /var/run/nagios2 \ + /var/lib/nagios2 /var/cache/nagios2 /var/lib/nagios2/rw; do + dpkg-statoverride --force --remove $file || true + done + rm -rf /var/run/nagios2 /var/log/nagios2 /var/lib/nagios2 \ /var/cache/nagios2 rm -f /etc/nagios2/htpasswd.users rm -f /etc/nagios2/apache2.conf Index: debian/changelog =================================================================== --- debian/changelog (revision 888) +++ debian/changelog (working copy) @@ -7,8 +7,10 @@ Thanks to Matt Zagrabelny. (mh) Closes: #360998 * Create pid file directory dynamically in init script. Thanks to Herbert Straub. (mh) Closes: #361239 + * Honor locally set file/dir permissions in postinst, fixing policy + 10.9.1 compliance. Thanks to Heiko Schlittermann. (mh) Closes: #361956 - -- Marc Haber <[EMAIL PROTECTED]> Tue, 2 May 2006 16:13:25 +0200 + -- Marc Haber <[EMAIL PROTECTED]> Wed, 3 May 2006 08:13:14 +0200 nagios2 (2.2-1) unstable; urgency=low Index: debian/nagios2-common.postinst =================================================================== --- debian/nagios2-common.postinst (revision 888) +++ debian/nagios2-common.postinst (working copy) 
@@ -20,6 +20,19 @@ # location of the default htpasswd authentication file. htpw=$en/htpasswd.users +setperm() { + local user="$1" + local group="$2" + local mode="$3" + local file="$4" + shift 4 + # only do something when no setting exists + if ! dpkg-statoverride --list "$file" >/dev/null 2>&1; then + chown "$user":"$group" "$file" + chmod "$mode" "$file" + fi +} + case "$1" in configure) if ! getent passwd nagios > /dev/null ; then @@ -76,14 +89,12 @@ # explicitly set permissions on some files that are dependent # on the uid/gid of the nagios user, which is dynamically created. - chown root:nagios $en/resource.cfg - chmod 640 $en/resource.cfg - install -d -onagios -gadm -m2751 /var/log/nagios2 - install -d -onagios -gnagios -m750 /var/run/nagios2 - install -d -onagios -gnagios -m751 /var/lib/nagios2 - # chown instead of install to preserve permission bits - chown nagios /var/lib/nagios2/rw - install -d -onagios -gwww-data -m2750 /var/cache/nagios2 + setperm root nagios 0640 $en/resource.cfg + setperm nagios adm 2751 /var/log/nagios2 + setperm nagios nagios 0750 /var/run/nagios2 + setperm nagios nagios 0750 /var/lib/nagios2 + setperm nagios www-data 02750 /var/cache/nagios2 + setperm nagios www-data 0700 /var/lib/nagios2/rw # everything went well, so now let's reset the password db_set nagios2/adminpassword ""
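
Review bot: In the purge branch of debian/nagios2-common.postrm, the new loop removes overrides that nothing in the visible hunks registers: setperm in the postinst only queries `dpkg-statoverride --list` and never calls `--add`, so every entry removed here was set by the local administrator, and `--force --remove $file || true` drops it silently. If discarding the admin's overrides on purge is intended, say so in a comment above the loop. Smaller points in the same hunk: `enc` and `usn` are defined but not used in the lines shown, `$file` is unquoted, and the path list is repeated in the `rm -rf` that follows instead of being shared.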
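
Review bot: The new debian/changelog entry documents only the postinst change, while the same patch also makes the postrm remove statoverrides on purge and changes the ownership and modes applied to /var/lib/nagios2 and /var/lib/nagios2/rw. Those are behaviour changes an upgrading admin would want to read about, so they should be listed in the entry as well.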
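
Review bot: In setperm (first debian/nagios2-common.postinst hunk), `chown` and `chmod` run as root on "$file" without checking what the path is, and both follow a symlink given on the command line. One of the call sites is /var/lib/nagios2/rw, which sits inside a directory the patch hands to the nagios user, so the helper should refuse to act when `[ -L "$file" ]` is true (and could use `chown -h`). Two style points: `shift 4` has no effect because nothing reads the remaining arguments, and `local` is not POSIX sh, which matters if the postinst uses `#!/bin/sh` like the postrm does.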
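
Review bot: In the second debian/nagios2-common.postinst hunk, replacing `install -d` with setperm drops directory creation: setperm only runs chown and chmod, so /var/log/nagios2, /var/run/nagios2, /var/lib/nagios2 and /var/cache/nagios2 must already exist when configure runs, otherwise chown fails. The changelog context in this same patch says the pid file directory is created dynamically by the init script, so /var/run/nagios2 in particular may be absent here. Keep an `install -d` or `mkdir -p` ahead of setperm for the directories, or have setperm return early on a missing path. The applied values also changed without comment: /var/lib/nagios2 goes from 751 to 0750, and /var/lib/nagios2/rw, previously only chowned "to preserve permission bits", is now forced to nagios:www-data 0700, a mode that gives the www-data group no access.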