retitle 617315 policy /usr/local edge case failure
reassign 617315 debian-policy
severity 617315 normal
thanks

Policy requires that creation/removal of directories in /usr/local
never fail, but its example does fail as seen in this bug report.
Apparently the problem is that the chown or chmod could fail.
One approach would be to guard them like this:
    if [ ! -e "$dir" ]; then
        if mkdir "$dir" 2>/dev/null; then
            if chown "$user":"$group" "$dir"; then
                chmod "$mode" "$dir" || true
            fi
        fi
    fi
If the chown fails, the directory is left with the wrong user:group,
but it is either root:root, or some other trusted group, like staff, to
which /usr/local is setgid, so that seems ok. Any member of that group
could mkdir /usr/local/foo themselves and get a similar directory.
I'm unsure whether the chmod should only be run once the chown succeeds, or
always be run. If the chmod is widening the permissions (4775), it seems best
to only do that if the directory has the right owner. If it's narrowing the
permissions (0700), it might be better to always do it.
I'm also unsure whether the error messages should be suppressed.
--
see shy jo
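
The guard discussed in the message above, as an added example that is not part of the original message or of Debian Policy. It settles the open chmod question one possible way: chmod runs after a failed chown only when it cannot add permission bits. The names ensure_local_dir, is_narrowing and the CHOWN override are hypothetical, silencing chown's error output is this example's choice, and `stat -c %a` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not the message author's or Debian Policy's code.
# CHOWN is a hypothetical override so the chown-failure path can be
# exercised without root (e.g. CHOWN=false).
: "${CHOWN:=chown}"

# True when mode $2 sets no bit that current mode $1 lacks, i.e. the
# chmod can only remove access or leave it unchanged.
is_narrowing() {
    [ $(( 0$2 & ~0$1 & 07777 )) -eq 0 ]
}

# Create $1 owned by $2:$3 with mode $4. Never returns non-zero, so a
# maintainer script running under "set -e" is not aborted.
ensure_local_dir() {
    dir=$1 user=$2 group=$3 mode=$4
    [ ! -e "$dir" ] || return 0               # already there: leave it alone
    mkdir "$dir" 2>/dev/null || return 0      # e.g. read-only /usr/local
    cur=$(stat -c %a "$dir") || return 0      # mode mkdir actually produced
    if "$CHOWN" "$user":"$group" "$dir" 2>/dev/null; then
        # Right owner: any requested mode is acceptable.
        chmod "$mode" "$dir" || true
    elif is_narrowing "$cur" "$mode"; then
        # Wrong owner, but the new mode only takes access away.
        chmod "$mode" "$dir" || true
    fi
    # Wrong owner and a widening mode: keep the mode mkdir gave.
    return 0
}
```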

