[Logcheck-devel] Re: [Logcheck-commits] CVS logcheck/debian
maximilian attems
debian at sternwelten.at
Wed Sep 14 15:58:00 UTC 2005
On Sun, 29 May 2005, CVS User ttroxell wrote:
> Update of /cvsroot/logcheck/logcheck/debian
> In directory haydn:/tmp/cvs-serv9342/debian
>
> Modified Files:
> changelog logcheck.postinst
> Log Message:
> Unfortunately this change breaks policy because we need to keep user's
> existing group, owner, and permissions in tact, so I have to remove it.
>
> It's not too bad though because logcheck can still read the rulefiles.
> It's just sloppy. The best solution proposed thus far was to get
> logcheck user installed in Debian base.
i'm repeatably beaten by that revert.
do a simple: sudo find /etc/logcheck/ -gid 0
and you won't be surprised. :-P
please name the paragraph in the policy you have in mind?
base-passwd states that packages should cope with dynamically allocated
system users and groups.
"packages should avoid requesting such ids"
> --- /cvsroot/logcheck/logcheck/debian/changelog 2005/05/27 00:50:46 1.443
> +++ /cvsroot/logcheck/logcheck/debian/changelog 2005/05/29 04:20:30 1.444
> @@ -53,7 +53,6 @@
> * Added dot to username match in scponly rule.
> * Match more strictly ipv4 address in dhcpd + dhclient rules.
> * Add to ignore.d.server/dhcpd initial udhcpd lines. (Closes: #306388)
> - * Set group ownership on install and on upgrade to catch new rule files.
> * Minor additions to logcheck(8).
> * Add rule for cron nss_ldap message in ignore.d.server/cron.
> * Generalise kernel message no IPv6 routers present level workstation.
> --- /cvsroot/logcheck/logcheck/debian/logcheck.postinst 2005/05/13 15:29:48 1.38
> +++ /cvsroot/logcheck/logcheck/debian/logcheck.postinst 2005/05/29 04:20:30 1.39
> @@ -1,6 +1,6 @@
> #!/bin/sh
>
> -# $Id: logcheck.postinst,v 1.38 2005/05/13 15:29:48 maks-guest Exp $
> +# $Id: logcheck.postinst,v 1.39 2005/05/29 04:20:30 ttroxell Exp $
>
> set -e
>
> @@ -65,9 +65,16 @@
> fi
>
> # need to be done on install and on upgrade for new rule files
> - chgrp -R logcheck /etc/logcheck || true
> + # (Cant do this; breaks policy! -todd)
> + # TODO: Get logcheck user in Debian base.
> + # chgrp -R logcheck /etc/logcheck || true
> +
> + # This gets executed even if there is no $2.
> + if dpkg --compare-versions "$2" lt "1.2.34"; then
> + chgrp -R logcheck /etc/logcheck || true
> + fi
>
> - # Fix Permissions on install or upgrade
> + # Set Permissions on install or upgrade
> if [ ! -n "$2" ] || dpkg --compare-versions "$2" lt "1.2.34"; then
> chown -R logcheck:logcheck /var/lib/logcheck || true
> chmod 2750 /etc/logcheck/ignore.d.paranoid || true
--
maks
More information about the Logcheck-devel
mailing list