Date: Sat, 01 Mar 2014 09:59:55 -0500 From: "Adam Weinberger" <adamw@adamw.org> To: "Tijl Coosemans" <tijl@FreeBSD.org>, "Baptiste Daroussin" <bapt@FreeBSD.org> Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org Subject: Re: svn commit: r346570 - head/mail/squirrelmail Message-ID: <F61150D4-A821-4A09-83EE-C0D91D81EB7B@adamw.org> In-Reply-To: <20140301154609.59b3897b@kalimero.tijl.coosemans.org> References: <201402281928.s1SJSOFd043779@svn.freebsd.org> <20140228205412.17dead83@kalimero.tijl.coosemans.org> <E30C30A6-ED8C-489F-AD49-7B06D260BAD8@adamw.org> <20140301154609.59b3897b@kalimero.tijl.coosemans.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1 Mar 2014, at 9:46, Tijl Coosemans wrote: > On Fri, 28 Feb 2014 15:11:20 -0500 Adam Weinberger wrote: >> On 28 Feb 2014, at 14:54, Tijl Coosemans wrote: >>> On Fri, 28 Feb 2014 19:28:24 +0000 (UTC) Adam Weinberger wrote: >>>> ${CHMOD} 730 ${STAGEDIR}${SQUIRRELDIR}/attach >>>> ${CHMOD} 750 ${STAGEDIR}${SQUIRRELDIR}/data >>> >>> I think you can remove the chmod commands too... >>> >>> >>>> Modified: head/mail/squirrelmail/pkg-plist >>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >>>> --- head/mail/squirrelmail/pkg-plist Fri Feb 28 19:14:42 >>>> 2014 (r346569) >>>> +++ head/mail/squirrelmail/pkg-plist Fri Feb 28 19:28:23 >>>> 2014 (r346570) >>>> @@ -1,5 +1,7 @@ >>>> etc/periodic/daily/111.clean-squirrelmail >>>> %%SQUIRRELDIR%%/attach/.htaccess >>>> +@exec chown %%SMUSER%%:%%SMGROUP%% %B >>>> +@exec chmod 730 %B >>> >>> ...if you do this as follows: >>> >>> @owner %%SMUSER%% >>> @group %%SMGROUP%% >>> @mode 730 >>> %%SQUIRRELDIR%%/attach/.htaccess >>> @owner >>> @group >>> @mode >>> >>> Are you sure that 3 for group permissions is correct? >>> >>>> +@exec chown %%SMUSER%%:%%SMGROUP%% %B >>>> +@exec chmod 750 %B >>> >>> Same here, but you could also group it with the .htaccess file = >>> above. >>> >>> The pkg-plist format is explained in the pkg-create manpage by the >>> way. >> >> %B refers to the dirname. Your suggestion would change the ownership = >> and >> permissions of the .htaccess file, which would then require an @exec >> chown and @exec chmod to repair, so it wouldn't really fix anything. > > Ah, right. With pkg you can set permissions on a directory with = > @owner > etc. around the @dirrm for that directory. That doesn't work with the > old pkg_create but I think @exec chmod does, so you would have to use > both these methods at the moment. The problem with the port now is = > that > there's a window in which you give write permissions on a directory to > the wrong group of users. You're totally right, there is a window. Luckily in this case, in that = window write access is broken (as opposed to a window where write access = is granted). The only thing I could think of was to put @exec install -d -p 730 -o www -g www etc.etc.etc. But in addition to being kindof overkill, all these things can only be = done as root. (But, then again, so does my @exec chown business). = Perhaps bapt can suggest a solution here? He knows the ins and outs of = this stuff better than anyone. I was not aware that pkg let you specify permissions around @dirrm. That = is neat, but it is quite confusing. Will pkgng one day let us just list = directories with @dir so that we can apply ownership and permissions = correctly? All of this stuff, by the way, @owner and @group and @mode and putting = things around @dirrm, none of this is in the porter's handbook. There = are many ports out there that are broken on installation (such as = dokuwiki) because directories are installed with wrong owners. There = should be a "DO install directories with correct ownership and = permissions" section, no? # Adam -- Adam Weinberger adamw@adamw.org http://www.adamw.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F61150D4-A821-4A09-83EE-C0D91D81EB7B>