[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[debian-devel:13629] Re: dpkg-statoverride
ä½é‡Žï¼ 浜æ¾ã§ã™ã€‚
In <20010207081351X.kohda@xxxxxxxxxxxxxxxxxxxx>,
on "Wed, 7 Feb 2001 08:12:39 +0900',
with "[debian-devel:13625] Re: dpkg-statoverride",
Atsuhito Kohda <kohda@xxxxxxxxxxxxxxxxxxxx> ã•ã‚“ wrote:
> > ã§ã€ã¡ã‚‡ã£ã¨èªã‚“ã ã ã‘ã§ã™ãŒã€ã“ã‚Œ postinst ã§ä½¿ã†ã‚“ã˜ã‚ƒãªã„ã‹ãª ?
>
> ã‚„ã£ã±ã‚Šãã†ãªã®ã‹ãªã€‚unstable ãªãƒžã‚·ãƒ³ã® /var/lib/dpkg/info/
> 㧠grep dpkg-statoverride ã—ãŸã®ã§ã¯è©²å½“ç„¡ã—ã§ã—ãŸã€‚
ãªã‚“ã‹ JP diary èªã‚“ã ら
NEW 今日ã®debian-mentors
SUB Re: dh_suidregister -> ?
! <20010206002653.A19053@xxxxxxxxxxxxx>
CITE
PRE
> > Packages should almost never call dpkg_statoverride themselves.
>
> Earlier, that meant that the setuid/setgid bits got cleared
> automatically by some daemon, is that not true anymore? Also, since the
> setgid/setuid bit isn't in the actual package in my case (it can't be -
> the group isn't created until after the package is decompressed), I
> *need* to set the permissions on the file each time.
/PRE
Excerpt from the man page of dpkg-statoverride:
UL
LI This can be used to force programs that are normally setuid to be
LI install without a setuid flag, or only executable by a certain group.
/UL
In other words,
STRONG dpkg
will override the package's requested owner and
mode info with whatever the user has required. No daemon is required.
I'm not sure if dpkg applies statoverrides at unpack time or after
scripts have run. If it's the former, you have a problem. If it's the
latter, you don't. I'd ask the dpkg people.
/CITE
ã¨ã‹æ›¸ã„ã¦ã‚ã£ãŸã‚Šã€‚
パッケージãŒå±•é–‹ã•ã‚Œã‚‹å‰ã«å˜åœ¨ã—ã¦ã„ã‚‹ã¯ãšã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚„グループã«
suid/sgid ã™ã‚‹å ´åˆãªã‚‰ã€å˜ã«ãƒ‘ッケージを作æˆã™ã‚‹å‰ã« rules 㧠chmod
ã—ã¦ãŠãã ã‘ã§ã„ã„ã¨ã„ã†ã“ã¨ã¿ãŸã„。
ã§ã‚‚ã€å…ƒã€… suidregister を使ã£ã¦ã„ãŸãƒ‘ッケージã ã¨ã€ã—ã°ã‚‰ãã¯
éŽæ¸¡æŽªç½®ã¨ã—㦠dpkg-statoverride --import ã—ã¦ãŠã„ãŸã»ã†ãŒè‰¯ã„ã‚“ã˜ã‚ƒ
ãªã„ã®ã‹ãªã€‚ãã®ã¸ã‚“ã‚‚ dpkg ãŒè‡ªå‹•ã§é¢å€’ã¿ã¦ãれるんã ã‚ã†ã‹ ?
ã‚ã¨ã€ã“ã® diary ã§ç´¹ä»‹ã•ã‚Œã¦ã„る例ã¨ã„ã†ã®ã¯ã€ã©ã†ã‚„らパッケージãŒ
インストールã•ã‚Œã¦åˆã‚ã¦ä½œæˆã•ã‚Œã‚‹ã‚°ãƒ«ãƒ¼ãƒ— (ãã‚“ãªã®ã‚ã‚‹ã®ã‹ ?) ã«
sgid ã—ãŸã„å ´åˆã«ã¯ã€ãƒ‘ッケージã®ä¸ã« sgid è¨å®šã—ãŸçŠ¶æ…‹ã§ãƒ•ã‚¡ã‚¤ãƒ«ã‚’
æ ¼ç´ã—ã¦ãŠãã“ã¨ã¯ä¸å¯èƒ½ã ã¨ã„ã†ã“ã¨ã‚‰ã—ã„ã§ã™ã。
--
# (ã‚ãŸã—ã®ãŠã†ã¡ã¯æµœæ¾å¸‚ã€ã€Œå¤œã®ãŠè“åã€ã§æœ‰åã•ã€‚)
<kgh12351@xxxxxxxxxxx> : Taketoshi Sano (ä½é‡Žã€€æ¦ä¿Š)