[Logcheck-devel] issue with permissions

Todd Troxell ttroxell at debian.org
Fri Oct 22 18:19:32 UTC 2004


On Fri, Oct 22, 2004 at 05:24:47PM +0200, maks attems wrote:
> On Fri, 15 Oct 2004, Todd Troxell wrote:
> 
> > On Fri, Oct 15, 2004 at 11:13:31AM +0200, maks attems wrote:
> > > what about fixing that in the Makefile?
> > > install -g logcheck, but that's perhaps postsarge,
> > > to allow other dists to pickup logcheck.
> > 
> > Hmm, this is what I did initially (see early Makefile revisions in CVS.)
> > I don't remember why I changed it... I *think* it was to avoid having to
> > pre-depend on adduser.
> > 
> > Are there any objections to uploading the current version?
> 
> we got a serious bug on logcheck, would be great to fix that this weekend.
> because of latest chown it doesn't build if you don't have a logcheck
> user on your system. 
> 
> my proposition would be to remove that chown in debian/rules,
> and to unconditionalize the logcheck.postinst in order to catch
> upgrades and newinstalls:
> 
> configure)
> 	# Add logcheck user
> 	if dpkg --compare-versions "$2" eq 1.2.19; then
> 		usermod -d /var/lib/logcheck logcheck >
> 		/dev/null 2>&1 || true
> 	elif dpkg --compare-versions "$2" gt 1.2.24; then
> 	else
> 		adduser --quiet --system --no-create-home --group \
> 		--home /var/lib/logcheck logcheck || true
> 		adduser --quiet logcheck adm || true
> 	fi
> 	# Fix Permissions
> 	if dpkg --compare-versions "$2" gt 1.2.24; then
> 	else
> 		chown -R logcheck:logcheck /var/lib/logcheck || true
> 		chgrp -R logcheck /etc/logcheck || true
> 		chmod 750 /etc/logcheck/ignore.d.paranoid || true
> 		chmod 750 /etc/logcheck/ignore.d.workstation || true
> 		chmod 750 /etc/logcheck/ignore.d.server || true
> 		chmod 750 /etc/logcheck/cracking.d || true
> 		chmod 750 /etc/logcheck/cracking.ignore.d || true
> 		chmod 750 /etc/logcheck/violations.d || true
> 		chmod 750 /etc/logcheck/violations.ignore.d || true
> 		chmod -R g+rX /etc/logcheck || true
> 		# just in case 
> 		chown logcheck /var/lock/logcheck > /dev/null > 2>&1 > || true
> 	fi
> 
> that's not beautifull, but may work.
> any other solutions?

Ok, I think this is the best change to make right now as sarge is
approaching.  Right, is certainly not efficient, but unarguably better than
broken permissions.

So if nothing else within the next few days, will go ahead with this on the
weekend.

Cheers,
-Todd

-- 
[   Todd J. Troxell                                         ,''`.
      Student, Debian GNU/Linux Developer, SysAdmin, Geek  : :' :
      http://debian.org || http://rapidpacket.com/~xtat    `. `' 
                                                             `-     ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20041022/f5acb829/attachment.pgp 


More information about the Logcheck-devel mailing list