Date: Mon, 26 Apr 2021 10:03:36 +0200
From: Stefan Bethke <stb@lassitu.de>
To: FreeBSD Ports <freebsd-ports@freebsd.org>
Cc: Adam Weinberger <adamw@adamw.org>
Subject: Re: Changing daemon user, dir ownership and updating packages
Message-ID: <5A7F1B5C-4382-450C-9674-C9F4866E632E@lassitu.de>
In-Reply-To: <FED3AEBB-69FF-4241-81F1-0F2580123946@lassitu.de>
References: <FED3AEBB-69FF-4241-81F1-0F2580123946@lassitu.de>

On 13.04.2021 at 10:24, Stefan Bethke <stb@lassitu.de> wrote:
>
> As the maintainer, I've received this bug report:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255009
>
> If you'd like to run the daemon under a user different from the default git, you also need to change the ownership of the working directories, especially /var/*/gitea.
>
> The expectation is that upgrading the package will not change the ownership of already existing directories. When installing a newer version of the package, pkg appears to reset the ownership to those specified in the package.
>
> The pkg-plist has this:
> @owner git
> @group git
> @dir /var/db/gitea
> @dir /var/log/gitea
> @dir /var/run/gitea
>
> I believe this to be best practice. Is there a better way to have pkg create these dirs if they're missing, but not touch them if they are there already?

Adam has suggested a couple of approaches, but what I would really like is a common, documented way for ports to handle this situation.

Updating ownership and mode of entries in the rc script automatically feels wrong to me, especially if it's a custom one-off for a single port. Kinda creating a POLA violation.

I think as a general approach, checking that directories and files that the port knows will need to be writable for compatible access rights might be the safe choice.

But that still leaves pkg updating the ownership/mode of existing directories as a surprise on updating a package. I think the "right" thing here would be a kind of three-way merge between changes an updated package brings in vs. changes the user has made on their system. That sounds complicated to get right.

Stefan

-- 
Stefan Bethke <stb@lassitu.de>   Fon +49 151 14070811
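
The check-only approach mentioned in the message above, as an added example that is not part of the original post or of the gitea port: shell functions that report whether a daemon user can write to the package's directories and never change ownership or mode. The function names and the `daemon_user` variable are hypothetical; the directory paths are the ones from the quoted pkg-plist.

```sh
#!/bin/sh
# Added example, not the port's code. Report-only: never runs chown or chmod.
# Looks at mode bits only; ACLs and MAC policy are not evaluated.

# dir_usable_by UID "GID ..." DIR
# returns 0 if the mode bits grant write+search, 1 if not, 2 if DIR is missing
dir_usable_by() {
    _uid=$1; _gids=$2; _dir=$3
    [ -d "$_dir" ] || return 2
    # POSIX "ls -ldn" fields: mode, links, numeric uid, numeric gid, ...
    set -- $(ls -ldn "$_dir")
    _mode=$1; _owner=$3; _group=$4
    _cols=8-10                          # default: the "other" triple
    if [ "$_uid" = "$_owner" ]; then
        _cols=2-4                       # owner triple
    else
        for _g in $_gids; do
            if [ "$_g" = "$_group" ]; then
                _cols=5-7               # group triple
                break
            fi
        done
    fi
    case $(printf '%s' "$_mode" | cut -c"$_cols") in
        ?w[xst]) return 0 ;;            # s and t also imply the execute bit
        *)       return 1 ;;
    esac
}

# check_daemon_dirs USER DIR...
# prints one line per problem; returns the problem count (255: unknown user)
check_daemon_dirs() {
    _user=$1; shift
    _u=$(id -u "$_user" 2>/dev/null) || return 255
    _gl=$(id -G "$_user")
    _bad=0
    for _d in "$@"; do
        _rc=0; dir_usable_by "$_u" "$_gl" "$_d" || _rc=$?
        case $_rc in
            0) continue ;;
            2) echo "$_d: missing" ;;
            *) echo "$_d: $_user cannot write here: $(ls -ldn "$_d")" ;;
        esac
        _bad=$((_bad + 1))
    done
    return "$_bad"
}
# Usage from an rc.d precmd (daemon_user is a hypothetical rc.conf variable):
#   check_daemon_dirs "$daemon_user" /var/db/gitea /var/log/gitea /var/run/gitea
```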