Date: Sat, 01 Mar 2014 09:59:55 -0500 From: "Adam Weinberger" <adamw@adamw.org> To: "Tijl Coosemans" <tijl@FreeBSD.org>, "Baptiste Daroussin" <bapt@FreeBSD.org> Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org Subject: Re: svn commit: r346570 - head/mail/squirrelmail Message-ID: <F61150D4-A821-4A09-83EE-C0D91D81EB7B@adamw.org> In-Reply-To: <20140301154609.59b3897b@kalimero.tijl.coosemans.org> References: <201402281928.s1SJSOFd043779@svn.freebsd.org> <20140228205412.17dead83@kalimero.tijl.coosemans.org> <E30C30A6-ED8C-489F-AD49-7B06D260BAD8@adamw.org> <20140301154609.59b3897b@kalimero.tijl.coosemans.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1 Mar 2014, at 9:46, Tijl Coosemans wrote:
> On Fri, 28 Feb 2014 15:11:20 -0500 Adam Weinberger wrote:
>> On 28 Feb 2014, at 14:54, Tijl Coosemans wrote:
>>> On Fri, 28 Feb 2014 19:28:24 +0000 (UTC) Adam Weinberger wrote:
>>>> ${CHMOD} 730 ${STAGEDIR}${SQUIRRELDIR}/attach
>>>> ${CHMOD} 750 ${STAGEDIR}${SQUIRRELDIR}/data
>>>
>>> I think you can remove the chmod commands too...
>>>
>>>
>>>> Modified: head/mail/squirrelmail/pkg-plist
>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
>>>> --- head/mail/squirrelmail/pkg-plist Fri Feb 28 19:14:42
>>>> 2014 (r346569)
>>>> +++ head/mail/squirrelmail/pkg-plist Fri Feb 28 19:28:23
>>>> 2014 (r346570)
>>>> @@ -1,5 +1,7 @@
>>>> etc/periodic/daily/111.clean-squirrelmail
>>>> %%SQUIRRELDIR%%/attach/.htaccess
>>>> +@exec chown %%SMUSER%%:%%SMGROUP%% %B
>>>> +@exec chmod 730 %B
>>>
>>> ...if you do this as follows:
>>>
>>> @owner %%SMUSER%%
>>> @group %%SMGROUP%%
>>> @mode 730
>>> %%SQUIRRELDIR%%/attach/.htaccess
>>> @owner
>>> @group
>>> @mode
>>>
>>> Are you sure that 3 for group permissions is correct?
>>>
>>>> +@exec chown %%SMUSER%%:%%SMGROUP%% %B
>>>> +@exec chmod 750 %B
>>>
>>> Same here, but you could also group it with the .htaccess file =
>>> above.
>>>
>>> The pkg-plist format is explained in the pkg-create manpage by the
>>> way.
>>
>> %B refers to the dirname. Your suggestion would change the ownership =
>> and
>> permissions of the .htaccess file, which would then require an @exec
>> chown and @exec chmod to repair, so it wouldn't really fix anything.
>
> Ah, right. With pkg you can set permissions on a directory with =
> @owner
> etc. around the @dirrm for that directory. That doesn't work with the
> old pkg_create but I think @exec chmod does, so you would have to use
> both these methods at the moment. The problem with the port now is =
> that
> there's a window in which you give write permissions on a directory to
> the wrong group of users.
You're totally right, there is a window. Luckily in this case, in that =
window write access is broken (as opposed to a window where write access =
is granted).
The only thing I could think of was to put
@exec install -d -p 730 -o www -g www etc.etc.etc.
But in addition to being kindof overkill, all these things can only be =
done as root. (But, then again, so does my @exec chown business). =
Perhaps bapt can suggest a solution here? He knows the ins and outs of =
this stuff better than anyone.
I was not aware that pkg let you specify permissions around @dirrm. That =
is neat, but it is quite confusing. Will pkgng one day let us just list =
directories with @dir so that we can apply ownership and permissions =
correctly?
All of this stuff, by the way, @owner and @group and @mode and putting =
things around @dirrm, none of this is in the porter's handbook. There =
are many ports out there that are broken on installation (such as =
dokuwiki) because directories are installed with wrong owners. There =
should be a "DO install directories with correct ownership and =
permissions" section, no?
# Adam
--
Adam Weinberger
adamw@adamw.org
http://www.adamw.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F61150D4-A821-4A09-83EE-C0D91D81EB7B>