Package: nagios2-common
Version: 2.1-1
Severity: serious
Tags: patch
Justification: Policy 10.9.1

As stated in the subject -- the postinstall script calls chmod/chown
unconditionally.  If the local admin changes permissions using
dpkg-statoverride, these local changes are not respected.

-- System Information:
Debian Release: testing/unstable
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.jumper
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
diff -ruN nagios2-2.1/debian/lintian/overrides/nagios2-common 
nagios2-2.hs/debian/lintian/overrides/nagios2-common
--- nagios2-2.1/debian/lintian/overrides/nagios2-common 2006-04-11 
14:15:11.000000000 +0200
+++ nagios2-2.hs/debian/lintian/overrides/nagios2-common        1970-01-01 
01:00:00.000000000 +0100
@@ -1 +0,0 @@
-non-standard-file-perm etc/nagios2/resource.cfg 0600 != 0644
diff -ruN nagios2-2.1/debian/nagios2-common.install 
nagios2-2.hs/debian/nagios2-common.install
--- nagios2-2.1/debian/nagios2-common.install   2006-04-11 14:15:11.000000000 
+0200
+++ nagios2-2.hs/debian/nagios2-common.install  2006-04-11 14:09:30.000000000 
+0200
@@ -5,6 +5,5 @@
 sample-config/template-object/README 
/usr/share/doc/nagios2-common/examples/template-object
 sample-config/template-object/*.cfg 
/usr/share/doc/nagios2-common/examples/template-object
 debian/httpd.webapps-common /usr/share/nagios2/debian
-debian/lintian/overrides/nagios2-common usr/share/lintian/overrides
 debian/gateway.cfg usr/share/nagios2/debian
 debian/extcommands.cfg usr/share/nagios2/debian
diff -ruN nagios2-2.1/debian/nagios2-common.postinst 
nagios2-2.hs/debian/nagios2-common.postinst
--- nagios2-2.1/debian/nagios2-common.postinst  2006-04-11 14:15:11.000000000 
+0200
+++ nagios2-2.hs/debian/nagios2-common.postinst 2006-04-11 11:48:57.000000000 
+0200
@@ -20,6 +20,16 @@
 # location of the default htpasswd authentication file.
 htpw=$en/htpasswd.users
 
+# useful functions
+setperm() {
+    local user="$1"; shift
+    local group="$1"; shift
+    local mode="$1"; shift
+    local file="$1"; shift
+    dpkg-statoverride --list "$file" >/dev/null && return 0
+    dpkg-statoverride --update --add "$user" "$group" "$mode" "$file"
+}
+
 case "$1" in
   configure)
     if ! getent passwd nagios > /dev/null ; then
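Review bot: setperm has no comment explaining its argument order or its early return, and the check `dpkg-statoverride --list "$file" >/dev/null && return 0` also matches the entry setperm itself registered on an earlier configure run. The script cannot tell its own override from one the administrator set, so a later package version that needs a different owner or mode for one of these paths will be silently ignored. I would document that above the function, for example `# setperm USER GROUP MODE FILE: register and apply a statoverride unless one already exists; an existing entry (ours or the admin's) always wins`. The `case` block after the function continues outside this hunk.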
@@ -76,14 +86,15 @@
 
        # explicitly set permissions on some files that are dependent
        # on the uid/gid of the nagios user, which is dynamically created.
-       chown root:nagios $en/resource.cfg
-       chmod 640 $en/resource.cfg
-    install -d -onagios -gadm -m2751 /var/log/nagios2
-    install -d -onagios -gnagios -m750 /var/run/nagios2
-    install -d -onagios -gnagios -m750 /var/lib/nagios2
-       # chown instead of install to preserve permission bits
-       chown nagios /var/lib/nagios2/rw
-    install -d -onagios -gwww-data -m2750 /var/cache/nagios2
+       # .hs
+       # Do not forget to remove these statoverrides when purging the
+       # package!
+       setperm root nagios 0640 $en/resource.cfg
+       setperm nagios adm 2751 /var/log/nagios2
+       setperm nagios nagios 0750 /var/run/nagios2
+       setperm nagios nagios 0750 /var/lib/nagios2
+       setperm nagios www-data 02750 /var/cache/nagios2
+       setperm nagios www-data 0700 /var/lib/nagios2/rw
 
        # everything went well, so now let's reset the password
        db_set nagios2/adminpassword ""
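Review bot: The removed `install -d` lines created /var/log/nagios2, /var/run/nagios2, /var/lib/nagios2 and /var/cache/nagios2 when they were missing, but the setperm calls that replace them only register an override and apply it to a path that already exists. Whether the package ships all four directories is not visible in this patch; if any of them is not shipped (or is removed at runtime), the daemon will start without it. A guard before each call would keep the old behaviour without overriding an admin's choice, e.g. `[ -d /var/run/nagios2 ] || install -d -onagios -gnagios -m750 /var/run/nagios2`. The mode arguments are also written inconsistently (`2751` next to `02750`); using one form throughout makes the setgid bits easier to audit.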
diff -ruN nagios2-2.1/debian/nagios2-common.postrm 
nagios2-2.hs/debian/nagios2-common.postrm
--- nagios2-2.1/debian/nagios2-common.postrm    2006-04-11 14:15:11.000000000 
+0200
+++ nagios2-2.hs/debian/nagios2-common.postrm   2006-04-11 11:50:02.000000000 
+0200
@@ -13,6 +13,13 @@
        ucf --purge /etc/nagios2/apache2.conf
        ucf --purge /etc/nagios2/conf.d/host-gateway_nagios2.cfg
        #ucf --purge /etc/nagios2/conf.d/extcommands_nagios2.cfg
+
+       dpkg-statoverride --force --remove /etc/nagios2/resource.cfg
+       dpkg-statoverride --force --remove /var/log/nagios2
+       dpkg-statoverride --force --remove /var/run/nagios2
+       dpkg-statoverride --force --remove /var/lib/nagios2
+       dpkg-statoverride --force --remove /var/cache/nagios2
+       dpkg-statoverride --force --remove /var/lib/nagios2/rw
     ;;
 esac
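Review bot: These `dpkg-statoverride --force --remove` calls drop whatever override is registered for each path, including one the administrator added by hand, because the override database does not record who created an entry. That is probably acceptable on purge, but it deserves a comment such as `# purge removes all statoverrides for our paths, including admin-set ones; keep this list in sync with the setperm calls in postinst`. The six paths duplicate the postinst list and have to be maintained in two places. The enclosing `case` arm starts outside the hunk, so I am assuming from the `ucf --purge` context that this runs only on purge.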
 
diff -ruN nagios2-2.1/debian/rules nagios2-2.hs/debian/rules
--- nagios2-2.1/debian/rules    2006-04-11 14:15:11.000000000 +0200
+++ nagios2-2.hs/debian/rules   2006-04-11 14:12:23.000000000 +0200
@@ -137,10 +137,9 @@
        # remove empty directory
        rmdir --ignore-fail-on-non-empty -p $b/nagios2/var/lib/nagios2/archives
        # set up /var/cache/nagios2 for access by www-data
-       chgrp www-data ${bnc}/var/cache/nagios2
-       chmod g+s ${bnc}/var/cache/nagios2
-       chown root:www-data ${bnc}/var/lib/nagios2/rw
-       chmod 700 ${bnc}/var/lib/nagios2/rw
+       # Permissions are set in postinstall using dpkg-statoverride
+       # for following parts: /var/cache/nagios2
+       #                      /var/lib/nagios2/rw
        # alter some installed filenames/locations
        mv ${b}/nagios2/usr/sbin/nagios ${b}/nagios2/usr/sbin/nagios2
        mv ${b}/nagios2/usr/sbin/nagiostats ${b}/nagios2/usr/sbin/nagios2stats
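Review bot: Removing the build-time `chmod 700 ${bnc}/var/lib/nagios2/rw` here, together with dropping `-Xnagios2/resource.cfg` from `dh_fixperms` in the next hunk of this file, means both paths are shipped in the .deb with default permissions and are only tightened once the postinst reaches its setperm calls. On a first install no override exists at unpack time, so resource.cfg (recorded as 0600 by the lintian override this patch deletes) would presumably be world-readable between unpack and configure, and would stay that way if configure aborts earlier. That file commonly holds credentials in its `$USERn$` macros. I would keep the restrictive packaged defaults, i.e. retain `dh_fixperms -i -Xnagios2/resource.cfg` and the `chmod 700` on the rw directory, and let setperm only adjust the ownership that depends on the dynamically created nagios user.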
@@ -181,7 +180,7 @@
        # XXX some stuff below here is commented out
        #install -m 755 cgi/grouplist.cgi.in 
debian/$@/usr/lib/cgi-bin/nagios/grouplist.cgi
        dh_compress          -i
-       dh_fixperms          -i -Xnagios2/resource.cfg
+       dh_fixperms          -i 
        dh_installdebconf    -i
        dh_installdeb        -i
        dh_gencontrol        -i
