On Sat, Aug 02, 2003 at 03:53:00PM -0500, Steve Greenland wrote: > On 02-Aug-03, 14:51 (CDT), Steve Greenland <[EMAIL PROTECTED]> wrote: > > Beyond the coding (which is mostly removing setuid() > > calls), this involves the following changes: > > To ship the setgid program, I need to have the group 'cron' on the > build system. Not a problem for me, of course, but how do I indicate > to the build daemons this requirement? Or should I just set the group > and mode of /usr/bin/crontab and the directories in the postinst? The > downside is that doing so would seem to override any local requirements > or dpkg-statoverrides that the admin might have set. > > I did not find any guidance in either the Policy manual or the > Developers Reference, if I missed it, please point me in the right > direction.
This is a common problem, and there have been discussions recently about how to address it. The solutions which I find most appealing involve creating some simple tools to set ownership to non-existent users in the .deb, and running adduser/addgroup in the preinst. However, until that solution is implemented, the next best thing is usually to do something like: if ! dpkg-statoverride --list $file >/dev/null; then ...do the magic... fi This way, if the admin adds a statoverride, you leave things alone. -- - mdz
