[Debian-med-packaging] Bug#924128: prokka: creates world writable directory tree /var/lib/prokka/*

Andreas Tille andreas at fam-tille.de
Mon Dec 9 19:35:05 GMT 2019


On Mon, Dec 09, 2019 at 05:18:37PM +0100, Michael Crusoe wrote:
> On Sat, 9 Mar 2019 23:26:01 +0100 Andreas Tille <tille at debian.org> wrote:
> > Control: severity -1 normal
> >
> > On Sat, Mar 09, 2019 at 08:24:46PM +0100, Andreas Beckmann wrote:
> > >
> > > during a test with piuparts I noticed your package creates a world
> > > writable directory tree.
> > >
> > > From the attached log (scroll to the bottom...):
> > >
> > > > 0m49.9s ERROR: Command failed (status=1): ['chroot', '/srv/piuparts/tmp/tmpLm6y7M', 'tmp/scripts/pre_remove_50_find_bad_permissions']
> > >   ERROR: BAD PERMISSIONS
> > >   drwxrwxrwx 3 root root  60 Mar  5 02:46 /var/lib/prokka
> > >   drwxrwxrwx 4 root root  80 Mar  5 02:46 /var/lib/prokka/db
> > >   drwxrwxrwx 2 root root 260 Mar  5 02:46 /var/lib/prokka/db/cm
> > >   drwxrwxrwx 2 root root 580 Mar  5 02:46 /var/lib/prokka/db/genus
> >
> > I actually did some effort to make this dir world writable since users
> > *need* to write and update these databases.  Do you have any suggestion
> > for a better approach which enables every user to update a common
> > database?  I was wondering whether I should create a group prokka and
> > making the dir only writable for users belonging to this group.  But for
> > a first packaging attempt testing user responses this seemed to be
> > over-engineering.  There is also some work done at upstream to enable a better
> > solution for user writable databases.
> 
> Is making a "prokka" group to own this directory the only option?

I do not see any other option.  But I'm wondering if it's worth
the effort.  If you think it's a good idea, just do it.

Kind regards

      Andreas.

-- 
http://fam-tille.de
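
The two approaches discussed in this thread, side by side, as an added example that is not part of the original message and is not code from piuparts or the prokka package: a check for world-writable directories like those in the log, and the group-owned, setgid alternative. The function names are hypothetical, the tree is a constructed sample in a temporary directory, and the caller's own primary group stands in for a dedicated `prokka` group, which is assumed to exist in a real deployment.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample tree is constructed.

# Print directories under $1 that are world-writable and lack the sticky
# bit (the drwxrwxrwx mode shown in the quoted log).
find_world_writable() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# Restrict a tree to one group: directories become 2775 (group-writable,
# setgid so new entries inherit the group), files lose world write.
# $1 = directory, $2 = group name or GID (assumed to exist already).
restrict_to_group() {
    dir=$1
    group=$2
    chgrp -R "$group" "$dir" || return 1
    find "$dir" -type d -exec chmod 2775 {} + || return 1
    find "$dir" -type f -exec chmod g+w,o-w {} +
}

# Build a constructed copy of the layout from the log, run the check
# before and after the change, and print "<before> <after> <mode of db>".
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/prokka/db/cm" "$root/prokka/db/genus"
    chmod -R 0777 "$root/prokka"
    before=$(find_world_writable "$root/prokka" | wc -l | tr -d ' ')
    # Stand-in for a dedicated group: the caller's primary GID.
    restrict_to_group "$root/prokka" "$(id -g)" || return 1
    after=$(find_world_writable "$root/prokka" | wc -l | tr -d ' ')
    mode=$(stat -c %a "$root/prokka/db")
    rm -rf "$root"
    echo "$before $after $mode"
}

demo
```

With this layout only members of the owning group can update the databases, so each user who needs write access has to be added to that group.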
