Debian Bug report logs - #192981
dpkg: Unmodified permissions of conffile should be updated

Reply or subscribe to this bug.

Display info messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Joey Hess <joeyh@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: /etc/default/ssh permissions

Date: Sun, 11 May 2003 16:29:19 -0400

[Message part 1 (text/plain, inline)]

Package: ssh
Version: 1:3.6.1p2-1
Severity: normal

I thought I filed a bug on this before, but cannot find it.
/etc/default/ssh should be mode 644, not 755.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux dragon 2.4.20 #1 Fri Apr 11 22:52:20 EDT 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages ssh depends on:
ii  adduser                     3.50         Add and remove users and groups
ii  debconf                     1.2.35       Debian configuration management sy
ii  libc6                       2.3.1-17     GNU C Library: Shared libraries an
ii  libpam-modules              0.76-10      Pluggable Authentication Modules f
ii  libpam0g                    0.76-10      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7b-2     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.1.4-11   compression library - runtime

-- debconf information excluded

-- 
see shy jo

[Message part 2 (application/pgp-signature, inline)]

Message #10 received at 192966@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>

To: Joey Hess <joeyh@debian.org>, 192966@bugs.debian.org

Subject: Re: Bug#192966: /etc/default/ssh permissions

Date: Sun, 11 May 2003 22:55:45 +0100

On Sun, May 11, 2003 at 04:29:19PM -0400, Joey Hess wrote:
> Package: ssh
> Version: 1:3.6.1p2-1
> Severity: normal
> 
> I thought I filed a bug on this before, but cannot find it.
> /etc/default/ssh should be mode 644, not 755.

You did (#185537), and it is, in the .deb:

-rw-r--r-- root/root       122 2003-05-05 17:53:17 ./etc/default/ssh

Does dpkg perhaps not resolve permissions properly on conffiles or
something?

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Message #15 received at 192966@bugs.debian.org (full text, mbox, reply):

From: Joey Hess <joeyh@debian.org>

To: Colin Watson <cjwatson@debian.org>

Cc: 192966@bugs.debian.org

Subject: Re: Bug#192966: /etc/default/ssh permissions

Date: Sun, 11 May 2003 18:16:00 -0400

[Message part 1 (text/plain, inline)]

Colin Watson wrote:
> On Sun, May 11, 2003 at 04:29:19PM -0400, Joey Hess wrote:
> > Package: ssh
> > Version: 1:3.6.1p2-1
> > Severity: normal
> > 
> > I thought I filed a bug on this before, but cannot find it.
> > /etc/default/ssh should be mode 644, not 755.
> 
> You did (#185537), and it is, in the .deb:
> 
> -rw-r--r-- root/root       122 2003-05-05 17:53:17 ./etc/default/ssh
> 
> Does dpkg perhaps not resolve permissions properly on conffiles or
> something?

I suspect maybe it treats them the same as directories, although this is
the first time I've run into it.

-- 
see shy jo

[Message part 2 (application/pgp-signature, inline)]

Message #20 received at 192966@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>

To: Joey Hess <joeyh@debian.org>

Cc: 192966@bugs.debian.org, control@bugs.debian.org, dpkg@packages.debian.org

Subject: Re: Bug#192966: /etc/default/ssh permissions

Date: Sun, 11 May 2003 23:19:46 +0100

clone 192966 -1
reassign -1 dpkg
retitle -1 dpkg: doesn't resolve permissions on conffiles?
thanks

On Sun, May 11, 2003 at 06:16:00PM -0400, Joey Hess wrote:
> Colin Watson wrote:
> > On Sun, May 11, 2003 at 04:29:19PM -0400, Joey Hess wrote:
> > > Package: ssh
> > > Version: 1:3.6.1p2-1
> > > Severity: normal
> > > 
> > > I thought I filed a bug on this before, but cannot find it.
> > > /etc/default/ssh should be mode 644, not 755.
> > 
> > You did (#185537), and it is, in the .deb:
> > 
> > -rw-r--r-- root/root       122 2003-05-05 17:53:17 ./etc/default/ssh
> > 
> > Does dpkg perhaps not resolve permissions properly on conffiles or
> > something?
> 
> I suspect maybe it treats them the same as directories, although this is
> the first time I've run into it.

Cloning this bug off to dpkg, then. I'll hack around it in ssh's
postinst.

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Message #31 received at 192981-submitter@bugs.debian.org (full text, mbox, reply):

From: Thomas Hood <jdthood@yahoo.co.uk>

To: 192981-submitter@bugs.debian.org

Subject: Really a bug?

Date: Mon, 01 Mar 2004 20:45:13 +0100

I believe that the bug here arose from /etc/default/ssh being
installed with mode 755 in one package version, as described
in #185537.  Presumably this conffile was preserved across
upgrades (with the wrong mode).  Can this report be closed?
-- 
Thomas Hood <jdthood@yahoo.co.uk>

Message #36 received at 192981-quiet@bugs.debian.org (full text, mbox, reply):

From: Joey Hess <joeyh@debian.org>

To: Thomas Hood <jdthood@yahoo.co.uk>, 192981-quiet@bugs.debian.org

Subject: Re: Bug#192981: Really a bug?

Date: Mon, 1 Mar 2004 18:36:52 -0500

[Message part 1 (text/plain, inline)]

Thomas Hood wrote:
> I believe that the bug here arose from /etc/default/ssh being
> installed with mode 755 in one package version, as described
> in #185537.  Presumably this conffile was preserved across
> upgrades (with the wrong mode).  Can this report be closed?

Either dpkg is broken, or ssh needs to fix the permissions in its
postint. Which I see it does. If dpkg is behaving as intended, this bug
can be closed.

-- 
see shy jo

[signature.asc (application/pgp-signature, inline)]

Message #43 received at 192981@bugs.debian.org (full text, mbox, reply):

From: Justin Pryzby <justinpryzby@users.sourceforge.net>

To: 192981@bugs.debian.org

Subject: dpkg conffile permissions

Date: Tue, 1 Feb 2005 17:06:56 -0500

Hi all,

WRT #192981, dpkg clearly does not install all conffiles with mode
0755; the original problem is explained by the installation by ssh of
an 0755 conffile, the permissions of which was preserved across
upgrades.

With your permission, I would like this bug to be closed.

(Alternately, it could be retitled: "Update file metadata when
preserving across upgrades").

Justin

References

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=192981

Message #54 received at 192981@bugs.debian.org (full text, mbox, reply):

From: Thomas Hood <jdthood@yahoo.co.uk>

To: 192981@bugs.debian.org

Subject: If this is considered a bug...

Date: Thu, 25 Aug 2005 19:19:03 +0200

I take it that dpkg will be changed someday so that an unmodified
conffile will have its perms updated?

-- 
Thomas Hood

Message #59 received at 192981@bugs.debian.org (full text, mbox, reply):

From: Scott James Remnant <scott@netsplit.com>

To: Thomas Hood <jdthood@yahoo.co.uk>, 192981@bugs.debian.org

Subject: Re: Bug#192981: If this is considered a bug...

Date: Sun, 28 Aug 2005 10:07:50 +0100

[Message part 1 (text/plain, inline)]

On Thu, 2005-08-25 at 19:19 +0200, Thomas Hood wrote:

> I take it that dpkg will be changed someday so that an unmodified
> conffile will have its perms updated?
> 
Yeah, that should be supported I think.  Don't know whether it'll get
fixed in 1.13, but 2.0 would inherently fix it I think.

Scott
-- 
Have you ever, ever felt like this?
Had strange things happen?  Are you going round the twist?

[signature.asc (application/pgp-signature, inline)]

Message #64 received at 192981@bugs.debian.org (full text, mbox, reply):

From: Ian Jackson <ian@davenant.greenend.org.uk>

To: 192981@bugs.debian.org

Subject: dpkg conffile permissions update semantics

Date: Tue, 30 Oct 2007 20:19:01 +0000

retitle 192981 unchanged permissions of conffile should be updated
severity 192981 wishlist
thanks

I don't think it would be correct to overwrite the on-disk permissions
of a conffile from the permissions in the package, just because
neither the user nor package maintainer had changed the _contents_ of
the file.  The existing arrangements are specifically intended to
preserve the decision of a user who merely makes a permissions change
to a conffile.

It might perhaps be desirable to update the permissions on the same
basis as the contents: if the on-disk permissions (mode and ownership)
are identical to those installed in the previous package, and the
maintainer has shipped a package with different permissions, the
on-disk copy should (by default) be updated, etc.

However, that would require dpkg to record the permissions as well as
the contents of the previously installed file, which it currently
doesn't do.

This might be a useful feature but I don't think the lack ought to be
considered a bug.  In the meantime in cases where it is important, the
package maintainer can deal with the problem via maintainer scripts.

There is no reason why a maintainer script should not (with
appropriate care and probably after asking permission) adjust the
permissions of a conffile.  (Note that a maintainer script may not
change the contents of a conffile.)

To avoid problems if this wishlist item were ever to be implemented, a
maintainer who writes a script which adjusts permissions without
prompting (which is a dangerous thing to do and should only be done
after very careful thought) should not set the permissions to anything
other than identical to those shipped in the corresponding package
filesystem archive.  That will avoid spurious conffile permissions
prompts from dpkg in this hypothetical future.

Thanks,
Ian.

Send a report that this bug log contains spam.