[Logcheck-devel] Re: [Logcheck-commits] CVS logcheck/debian

maximilian attems debian at sternwelten.at
Wed Sep 14 15:58:00 UTC 2005


On Sun, 29 May 2005, CVS User ttroxell wrote:

> Update of /cvsroot/logcheck/logcheck/debian
> In directory haydn:/tmp/cvs-serv9342/debian
> 
> Modified Files:
> 	changelog logcheck.postinst 
> Log Message:
> Unfortunately this change breaks policy because we need to keep user's 
> existing group, owner, and permissions intact, so I have to remove it.
> 
> It's not too bad though because logcheck can still read the rulefiles.  
> It's just sloppy.  The best solution proposed thus far was to get 
> logcheck user installed in Debian base.
 
i'm repeatedly beaten by that revert.
do a simple:  sudo find /etc/logcheck/ -gid 0
and you won't be surprised. :-P

please name the paragraph in the policy you have in mind?

base-passwd states that packages should cope with dynamically allocated
system users and groups.
"packages should avoid requesting such ids"

 
> --- /cvsroot/logcheck/logcheck/debian/changelog	2005/05/27 00:50:46	1.443
> +++ /cvsroot/logcheck/logcheck/debian/changelog	2005/05/29 04:20:30	1.444
> @@ -53,7 +53,6 @@
>    * Added dot to username match in scponly rule.
>    * Match more strictly ipv4 address in dhcpd + dhclient rules.
>    * Add to ignore.d.server/dhcpd initial udhcpd lines. (Closes: #306388)
> -  * Set group ownership on install and on upgrade to catch new rule files.
>    * Minor additions to logcheck(8).
>    * Add rule for cron nss_ldap message in ignore.d.server/cron.
>    * Generalise kernel message no IPv6 routers present level workstation.
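
Review bot: The removed entry "Set group ownership on install and on upgrade to catch new rule files" is dropped without a replacement, but logcheck.postinst in this same commit still runs `chgrp -R logcheck /etc/logcheck` when upgrading from a version lt 1.2.34. The changelog should say what the package now does, for example that group ownership is set only on install or on upgrade from before 1.2.34, so that an admin who finds root-group rule files can trace the behaviour to this change.
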
> --- /cvsroot/logcheck/logcheck/debian/logcheck.postinst	2005/05/13 15:29:48	1.38
> +++ /cvsroot/logcheck/logcheck/debian/logcheck.postinst	2005/05/29 04:20:30	1.39
> @@ -1,6 +1,6 @@
>  #!/bin/sh
>  
> -# $Id: logcheck.postinst,v 1.38 2005/05/13 15:29:48 maks-guest Exp $
> +# $Id: logcheck.postinst,v 1.39 2005/05/29 04:20:30 ttroxell Exp $
>  
>  set -e
>  
> @@ -65,9 +65,16 @@
>          fi
>  
>  	# need to be done on install and on upgrade for new rule files
> -	chgrp -R logcheck /etc/logcheck || true
> +	# (Cant do this; breaks policy! -todd)
> +	# TODO: Get logcheck user in Debian base.
> +	# chgrp -R logcheck /etc/logcheck || true
> +
> +	# This gets executed even if there is no $2.
> +	if dpkg --compare-versions "$2" lt "1.2.34"; then
> +	  chgrp -R logcheck /etc/logcheck || true
> +	fi
>  
> -    	# Fix Permissions on install or upgrade
> +    	# Set Permissions on install or upgrade
>  	if [ ! -n "$2" ] || dpkg --compare-versions "$2" lt "1.2.34"; then
>      	  chown -R logcheck:logcheck /var/lib/logcheck  || true
>            chmod 2750 /etc/logcheck/ignore.d.paranoid || true
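
Review bot: The unchanged context comment "need to be done on install and on upgrade for new rule files" now contradicts the code under it, because the `chgrp -R logcheck /etc/logcheck` is gated on `dpkg --compare-versions "$2" lt "1.2.34"` and so never runs for rule files added by upgrades from 1.2.34 onward; those files keep whatever group they were installed with. Either update that comment to describe the one-time fixup, or state how new rule files are expected to get the logcheck group. The gate also relies implicitly on an empty "$2" comparing as lt, while the block right below spells it out with `[ ! -n "$2" ] ||`; use the same explicit guard in both places so the install case is obvious. The "(Cant do this; breaks policy! -todd)" comment should cite the policy section it refers to, and note that the gated `chgrp -R` still overrides a locally changed group on upgrades from before 1.2.34, which is the behaviour the log message says must be avoided.
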
 
--
maks




