[Pkg-nagios-devel] Bug#361956: nagios2-common: postinstall script uses unconditional chmod/chown, breaking any dpkg-statoverride

Marc Haber mh+debian-packages at zugschlus.de
Wed May 3 06:19:23 UTC 2006


tags #361956 - patch
tags #361956 confirmed pending
thanks

On Tue, Apr 11, 2006 at 02:35:09PM +0200, Heiko Schlittermann wrote:
> As stated in the subject -- the postinstall uses unconditionally
> chmod/chown.  If the local admin tries to change permissions using
> dpkg-statoverride, these local changes are not respected.

Thanks for spotting this. I have committed the attached patch to svn.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
-------------- next part --------------
Index: debian/nagios2-common.postrm
===================================================================
--- debian/nagios2-common.postrm	(revision 888)
+++ debian/nagios2-common.postrm	(working copy)
@@ -1,10 +1,19 @@
 #!/bin/sh -e
 
+# some shorthands for sanity
+en="/etc/nagios2"
+enc="/etc/nagios2/conf.d"
+usn="/usr/share/nagios2"
+
 case "$1" in
   remove)
   	;;
   purge)
-    rm -rf /var/run/nagios2 /var/log/nagios2 /var/lib/nagios2 \
+        for file in $en/resource.cfg /var/log/nagios2 /var/run/nagios2 \
+	            /var/lib/nagios2 /var/cache/nagios2 /var/lib/nagios2/rw; do
+	    dpkg-statoverride --force --remove $file || true
+	done
+        rm -rf /var/run/nagios2 /var/log/nagios2 /var/lib/nagios2 \
 	       /var/cache/nagios2
 	rm -f /etc/nagios2/htpasswd.users
 	rm -f /etc/nagios2/apache2.conf
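Review bot: The purge loop runs `dpkg-statoverride --force --remove $file || true` with `$file` unquoted and every failure discarded, and nothing in the script says that it deliberately deletes overrides the local admin registered (the postinst in this patch only reads overrides, it never adds any). I would quote the expansion and, if that is the intent, add a comment such as `# purge: drop admin-registered overrides so no stale entry outlives the files; failures are non-fatal`. The new `enc` and `usn` shorthands are not used anywhere in the visible lines, and the `rm -f` lines below still spell out `/etc/nagios2` instead of `$en`. The case statement continues past the end of the hunk.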
Index: debian/changelog
===================================================================
--- debian/changelog	(revision 888)
+++ debian/changelog	(working copy)
@@ -7,8 +7,10 @@
     Thanks to Matt Zagrabelny. (mh) Closes: #360998
   * Create pid file directory dynamically in init script.
     Thanks to Herbert Straub. (mh) Closes: #361239
+  * Honor locally set file/dir permissions in postinst, fixing policy
+    10.9.1 compliance. Thanks to Heiko Schlittermann. (mh) Closes: #361956
 
- -- Marc Haber <mh+debian-packages at zugschlus.de>  Tue,  2 May 2006 16:13:25 +0200
+ -- Marc Haber <mh+debian-packages at zugschlus.de>  Wed,  3 May 2006 08:13:14 +0200
 
 nagios2 (2.2-1) unstable; urgency=low
 
Index: debian/nagios2-common.postinst
===================================================================
--- debian/nagios2-common.postinst	(revision 888)
+++ debian/nagios2-common.postinst	(working copy)
@@ -20,6 +20,19 @@
 # location of the default htpasswd authentication file.
 htpw=$en/htpasswd.users
 
+setperm() {
+    local user="$1"
+    local group="$2"
+    local mode="$3"
+    local file="$4"
+    shift 4
+    # only do something when no setting exists
+    if ! dpkg-statoverride --list "$file" >/dev/null 2>&1; then
+      chown "$user":"$group" "$file"
+      chmod "$mode" "$file"
+    fi
+}
+
 case "$1" in
   configure)
     if ! getent passwd nagios > /dev/null ; then
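Review bot: `setperm` runs `chown` and `chmod` as root and both follow symlinks, which matters for a path such as `/var/lib/nagios2/rw` (passed to it later in this patch) because its parent directory is owned by the unprivileged nagios user. A guard at the top, `[ ! -L "$file" ] || return 0`, plus `chown -h`, would keep a symlink at that path from redirecting the ownership change to another file. The `shift 4` has no effect, since the positional parameters are not read again. The function would also benefit from a header comment listing its four arguments (user, group, mode, path) and stating that it does nothing when a statoverride is already registered for the path.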
@@ -76,14 +89,12 @@
 
 	# explicitly set permissions on some files that are dependent
 	# on the uid/gid of the nagios user, which is dynamically created.
-	chown root:nagios $en/resource.cfg
-	chmod 640 $en/resource.cfg
-    install -d -onagios -gadm -m2751 /var/log/nagios2
-    install -d -onagios -gnagios -m750 /var/run/nagios2
-    install -d -onagios -gnagios -m751 /var/lib/nagios2
-	# chown instead of install to preserve permission bits
-	chown nagios /var/lib/nagios2/rw
-    install -d -onagios -gwww-data -m2750 /var/cache/nagios2
+        setperm root nagios 0640 $en/resource.cfg
+        setperm nagios adm 2751 /var/log/nagios2
+        setperm nagios nagios 0750 /var/run/nagios2
+        setperm nagios nagios 0750 /var/lib/nagios2
+        setperm nagios www-data 02750 /var/cache/nagios2
+        setperm nagios www-data 0700 /var/lib/nagios2/rw
 
 	# everything went well, so now let's reset the password
 	db_set nagios2/adminpassword ""
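Review bot: The removed `install -d` calls created the four directories when they were missing, whereas `setperm` only runs chown/chmod, so on a system where `/var/log/nagios2`, `/var/run/nagios2`, `/var/lib/nagios2` or `/var/cache/nagios2` does not exist yet the `chown` fails (and aborts the script if it runs under `sh -e`, as the postrm does). Unless the package ships all of them, add `mkdir -p /var/log/nagios2 /var/run/nagios2 /var/lib/nagios2 /var/cache/nagios2` before the `setperm` calls. Separately, the modes are not carried over unchanged: `/var/lib/nagios2` goes from 751 to 0750, and `/var/lib/nagios2/rw`, which previously only had its owner changed "to preserve permission bits", is now forced to nagios:www-data 0700, where the www-data group gets no access; a comment should say whether that is intended. The enclosing `configure)` branch starts and ends outside the hunk.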

