Changing daemon user, dir ownership and updating packages

Stefan Bethke stb at lassitu.de
Mon Apr 26 08:03:48 UTC 2021


On 13.04.2021 at 10:24, Stefan Bethke <stb at lassitu.de> wrote:
> 
> As the maintainer, I've received this bug report:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255009
> 
> If you'd like to run the daemon under a user different from the default git, you also need to change the ownership of the working directories, especially /var/*/gitea.
> 
> The expectation is that upgrading the package will not change the ownership of already existing directories. When installing a newer version of the package, pkg appears to reset the ownership to those specified in the package.
> 
> The pkg-plist has this:
> @owner git
> @group git
> @dir /var/db/gitea
> @dir /var/log/gitea
> @dir /var/run/gitea
> 
> I believe this to be best practice. Is there a better way to have pkg create these dirs if they're missing, but not touch them if they are there already?

Adam has suggested a couple of approaches, but what I would really like is a common, documented way for ports to handle this situation.

Updating ownership and mode of entries in the rc script automatically feels wrong to me, especially if it's a custom one-off for a single port. Kinda creating a POLA violation.

I think as a general approach, checking that directories and files that the port knows will need to be writable for compatible access rights might be the safe choice.

But that still leaves pkg updating the ownership/mode of existing directories as a surprise on updating a package. I think the "right" thing here would be a kind of three-way merge between changes an updated package brings in vs. changes the user has made on their system. That sounds complicated to get right.


Stefan

--
Stefan Bethke <stb at lassitu.de>   Fon +49 151 14070811
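
One way to implement the check-only approach discussed in the message above (verify that the daemon user can use the working directories, and change nothing), as an added example that is not part of the original message or of the gitea port. The function names are hypothetical, and only plain mode bits are evaluated, not ACLs.

```sh
#!/bin/sh
# Added example: report, but never change, working directories that the
# configured daemon user cannot use. Plain mode bits only; ACLs are ignored.

# dir_usable_by UID "GID ..." DIR -> 0 if the mode bits grant rwx, else 1
dir_usable_by() {
    _uid=$1 _gids=$2 _dir=$3
    [ -d "$_dir" ] || return 1
    if [ "$_uid" -eq 0 ]; then return 0; fi     # root bypasses mode bits
    # ls -ldn prints: mode links uid gid ... (numeric ids)
    set -- $(ls -ldn -- "$_dir")
    _mode=$1 _owner=$3 _group=$4
    if [ "$_uid" -eq "$_owner" ]; then
        _pat='?rw[xs]*'                         # owner triplet
    else
        _pat='???????rw[xt]*'                   # "other" triplet
        for _g in $_gids; do
            if [ "$_g" -eq "$_group" ]; then
                _pat='????rw[xs]*'              # group triplet
            fi
        done
    fi
    case $_mode in
        $_pat) return 0 ;;
        *)     return 1 ;;
    esac
}

# check_daemon_dirs USER DIR... -> warn for each unusable dir; 1 if any
check_daemon_dirs() {
    _user=$1; shift
    _u=$(id -u "$_user") || return 2
    _gs=$(id -G "$_user")
    _rc=0
    for _d in "$@"; do
        if ! dir_usable_by "$_u" "$_gs" "$_d"; then
            echo "warning: $_d is not usable by $_user; leaving it as is" >&2
            _rc=1
        fi
    done
    return $_rc
}

# Possible use from an rc script's precmd (user name taken from the plist):
#   check_daemon_dirs git /var/db/gitea /var/log/gitea /var/run/gitea
```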
