svn commit: r346570 - head/mail/squirrelmail

Adam Weinberger adamw at adamw.org
Sat Mar 1 14:59:59 UTC 2014 

On 1 Mar 2014, at 9:46, Tijl Coosemans wrote:

> On Fri, 28 Feb 2014 15:11:20 -0500 Adam Weinberger wrote:
>> On 28 Feb 2014, at 14:54, Tijl Coosemans wrote:
>>> On Fri, 28 Feb 2014 19:28:24 +0000 (UTC) Adam Weinberger wrote:
>>>> 	${CHMOD} 730 ${STAGEDIR}${SQUIRRELDIR}/attach
>>>> 	${CHMOD} 750 ${STAGEDIR}${SQUIRRELDIR}/data
>>>
>>> I think you can remove the chmod commands too...
>>>
>>>
>>>> Modified: head/mail/squirrelmail/pkg-plist
>>>> ==============================================================================
>>>> --- head/mail/squirrelmail/pkg-plist	Fri Feb 28 19:14:42
>>>> 2014	(r346569)
>>>> +++ head/mail/squirrelmail/pkg-plist	Fri Feb 28 19:28:23
>>>> 2014	(r346570)
>>>> @@ -1,5 +1,7 @@
>>>> etc/periodic/daily/111.clean-squirrelmail
>>>> %%SQUIRRELDIR%%/attach/.htaccess
>>>> + at exec chown %%SMUSER%%:%%SMGROUP%% %B
>>>> + at exec chmod 730 %B
>>>
>>> ...if you do this as follows:
>>>
>>> @owner %%SMUSER%%
>>> @group %%SMGROUP%%
>>> @mode 730
>>> %%SQUIRRELDIR%%/attach/.htaccess
>>> @owner
>>> @group
>>> @mode
>>>
>>> Are you sure that 3 for group permissions is correct?
>>>
>>>> + at exec chown %%SMUSER%%:%%SMGROUP%% %B
>>>> + at exec chmod 750 %B
>>>
>>> Same here, but you could also group it with the .htaccess file 
>>> above.
>>>
>>> The pkg-plist format is explained in the pkg-create manpage by the
>>> way.
>>
>> %B refers to the dirname. Your suggestion would change the ownership 
>> and
>> permissions of the .htaccess file, which would then require an @exec
>> chown and @exec chmod to repair, so it wouldn't really fix anything.
>
> Ah, right.  With pkg you can set permissions on a directory with 
> @owner
> etc. around the @dirrm for that directory.  That doesn't work with the
> old pkg_create but I think @exec chmod does, so you would have to use
> both these methods at the moment.  The problem with the port now is 
> that
> there's a window in which you give write permissions on a directory to
> the wrong group of users.

You're totally right, there is a window. Luckily in this case, in that 
window write access is broken (as opposed to a window where write access 
is granted).

The only thing I could think of was to put
@exec install -d -p 730 -o www -g www etc.etc.etc.

But in addition to being kindof overkill, all these things can only be 
done as root. (But, then again, so does my @exec chown business). 
Perhaps bapt can suggest a solution here? He knows the ins and outs of 
this stuff better than anyone.

I was not aware that pkg let you specify permissions around @dirrm. That 
is neat, but it is quite confusing. Will pkgng one day let us just list 
directories with @dir so that we can apply ownership and permissions 
correctly?

All of this stuff, by the way, @owner and @group and @mode and putting 
things around @dirrm, none of this is in the porter's handbook. There 
are many ports out there that are broken on installation (such as 
dokuwiki) because directories are installed with wrong owners. There 
should be a "DO install directories with correct ownership and 
permissions" section, no?

# Adam


--
Adam Weinberger
adamw at adamw.org
http://www.adamw.org

More information about the svn-ports-head mailing list