From: "Adam Weinberger"
To: "Tijl Coosemans", "Baptiste Daroussin"
Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org
Subject: Re: svn commit: r346570 - head/mail/squirrelmail
Date: Sat, 01 Mar 2014 09:59:55 -0500

On 1 Mar 2014, at 9:46, Tijl Coosemans wrote:

> On Fri, 28 Feb 2014 15:11:20 -0500 Adam Weinberger wrote:
>> On 28 Feb 2014, at 14:54, Tijl Coosemans wrote:
>>> On Fri, 28 Feb 2014 19:28:24 +0000 (UTC) Adam Weinberger wrote:
>>>> ${CHMOD} 730 ${STAGEDIR}${SQUIRRELDIR}/attach
>>>> ${CHMOD} 750 ${STAGEDIR}${SQUIRRELDIR}/data
>>>
>>> I think you can remove the chmod commands too...
>>>
>>>
>>>> Modified: head/mail/squirrelmail/pkg-plist
>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D
>>>> --- head/mail/squirrelmail/pkg-plist Fri Feb 28 19:14:42
>>>> 2014 (r346569)
>>>> +++ head/mail/squirrelmail/pkg-plist Fri Feb 28 19:28:23
>>>> 2014 (r346570)
>>>> @@ -1,5 +1,7 @@
>>>> etc/periodic/daily/111.clean-squirrelmail
>>>> %%SQUIRRELDIR%%/attach/.htaccess
>>>> +@exec chown %%SMUSER%%:%%SMGROUP%% %B
>>>> +@exec chmod 730 %B
>>>
>>> ...if you do this as follows:
>>>
>>> @owner %%SMUSER%%
>>> @group %%SMGROUP%%
>>> @mode 730
>>> %%SQUIRRELDIR%%/attach/.htaccess
>>> @owner
>>> @group
>>> @mode
>>>
>>> Are you sure that 3 for group permissions is correct?
>>>
>>>> +@exec chown %%SMUSER%%:%%SMGROUP%% %B
>>>> +@exec chmod 750 %B
>>>
>>> Same here, but you could also group it with the .htaccess file
>>> above.
>>>
>>> The pkg-plist format is explained in the pkg-create manpage by the
>>> way.
>>
>> %B refers to the dirname. Your suggestion would change the ownership and
>> permissions of the .htaccess file, which would then require an @exec
>> chown and @exec chmod to repair, so it wouldn't really fix anything.
>
> Ah, right. With pkg you can set permissions on a directory with @owner
> etc. around the @dirrm for that directory. That doesn't work with the
> old pkg_create but I think @exec chmod does, so you would have to use
> both these methods at the moment. The problem with the port now is that
> there's a window in which you give write permissions on a directory to
> the wrong group of users.

You're totally right, there is a window. Luckily in this case, in that
window write access is broken (as opposed to a window where write access
is granted).

The only thing I could think of was to put @exec install -d -p 730 -o www -g www etc.etc.etc. But in addition to being kind of overkill, all these things can only be
done as root. (But, then again, so does my @exec chown business).
Perhaps bapt can suggest a solution here? He knows the ins and outs of
this stuff better than anyone.

I was not aware that pkg let you specify permissions around @dirrm. That
is neat, but it is quite confusing.
Will pkgng one day let us just list
directories with @dir so that we can apply ownership and permissions
correctly?

All of this stuff, by the way, @owner and @group and @mode and putting
things around @dirrm, none of this is in the porter's handbook. There
are many ports out there that are broken on installation (such as
dokuwiki) because directories are installed with wrong owners. There
should be a "DO install directories with correct ownership and
permissions" section, no?

# Adam

-- 
Adam Weinberger
adamw@adamw.org
http://www.adamw.org
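
Review bot: In the pkg-plist hunk at @@ -1,5 +1,7 @@, the added "@exec chmod 730 %B" gives the group write and search permission on the attach directory but no read permission, and nothing in the hunk says that this is intended. If the group is meant to create and open attachments by name without being able to list the directory, say so in an @comment line above the two @exec lines; otherwise set the mode that was meant. The chown and chmod are also applied by @exec only after the directory already exists, so for pkg consider additionally wrapping the directory's @dirrm entry in @owner, @group and @mode, as suggested in the thread, while keeping the @exec lines for the old pkg_create.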
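
Review bot: The second pair of added lines ("@exec chown %%SMUSER%%:%%SMGROUP%% %B" and "@exec chmod 750 %B") relies, like the first pair, on %B referring to the directory of the file entry listed just before it, which is easy to misread as acting on the file itself. Add an @comment naming the directory each pair is meant to change, and keep each pair directly after its file entry, so that a later edit inserting another entry in between does not silently point the chown and chmod at a different directory.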