On Sun, Mar 21, 2010 at 12:39 AM, a b <obsdmisc...@yahoo.co.uk> wrote:
> Hi,
>
> Would appreciate it if someone could spare a few minutes to outline the
> reasons for the following behaviour :
>
> 1/ Why does OpenBSD not chown files to root ?
>
> For example, in my test siteXX.tgz, I had a custom "/etc/sudoers"
> file.
>
> However because this file was created on a different machine as a
> non-root user, on the OpenBSD box, it now has an arbitrary number reflecting
> the user ID on the other machine.  As a result sudo doesn't work ...  ;-(

From the OpenBSD FAQ:
   "The siteXX.tgz file set is, like the other file sets, a gzip(1)
compressed tar(1) archive rooted in '/' and is un-tarred like the
other sets with the options xzphf. "

The Fine Manual page for tar describes the "-p" option as:
  " Preserve user and group ID as well as file mode regardless of the
current umask(2)"

So it just works like advertised ;)

To deal with the permissions there are a few possibilities:
Adjust the permissions, owner or group in the install.site script. Or
do this before tarring up the siteXX.tgz file.

Or because patch(1) does not alter permissions, use it in the
install.site script:

# -----------------------------------------------------------------
echo --- patch script for: sudoers --- BEGIN

# ---  edit the following line if needed
FILE=/etc/sudoers
#FILE=$( basename ${FILE} )

patch -b -p0 ${FILE} <<END_OF_PATCH
--- ORIG/sudoers        Mon Jan 18 18:29:13 2010
+++ NEW/sudoers Sun Jan 31 01:40:07 2010
@@ -38,7 +38,7 @@
 # %wheel       ALL=(ALL) SETENV: ALL

 # Same thing without a password
-# %wheel       ALL=(ALL) NOPASSWD: SETENV: ALL
+%wheel ALL=(ALL) NOPASSWD: SETENV: ALL

 # Samples
 # %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
END_OF_PATCH

echo  --- patch script for: sudoers --- END
# -----------------------------------------------------------
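
Review bot: the added line "%wheel ALL=(ALL) NOPASSWD: SETENV: ALL" in the "@@ -38,7 +38,7 @@" hunk gives every member of wheel root without a password and with a caller-supplied environment, which is the widest grant among the lines shown. If the goal is only a working sudo after install, uncommenting the hunk's first context line ("# %wheel       ALL=(ALL) SETENV: ALL") keeps the password prompt; if NOPASSWD is intended, a comment in the script saying so would help. Running "visudo -c" after the patch step would confirm that the resulting /etc/sudoers still parses.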

Use install(1), or create the file in the install.site script

# --------------------------
FILE=/etc/sudoers
#FILE=$( basename ${FILE} )
MOD="u=r,g=r,o="
echo Creating ${FILE}

cat <<END > ${FILE}
# put complete file here

END

chmod $MOD $FILE
# --------------------------------------

>
> 2/
> Why does OpenBSD expect the install.site file to be already chmod 755 ?
>
> I created this as a plain text file on another machine.  I spent a long time
> trying to figure out why the script was not triggering, until I tried chmod
> 755 before gzip'ing and re-running the installer.

Because as explained above, the siteXX.tgz file is untarred using "-p".

I use the following install.site script template, which sources the
actual postinstall script with the sh "." sourcing command, here for
the gutenberg host.

#!/bin/sh
INSTALL_LOG=./var/log/install.report
install -m 660 /dev/null ${INSTALL_LOG}

. ./postinstall_gutenberg 2>&1 | tee ${INSTALL_LOG}
cat <<END

$0 : done
------------------------------------------------------------
END

This way you can monitor the install.site script actions and possible
errors on both the console and have it logged to the
/var/log/install.report file as well.

=Adriaan=
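
Added example, not part of the original message: a pre-flight check to run on the build machine before handing a siteXX.tgz to the installer. It reports the two problems discussed in this thread, which "tar -p" restores faithfully: members with a non-root numeric owner, and an install.site without the execute bit. The function names, the sample archive and the assumption that every file in the set should be owned 0:0 are constructed for illustration; the 0440 mode for sudoers matches MOD="u=r,g=r,o=" above.

```python
import io
import tarfile


def audit_site_set(fileobj):
    """Return (member, problem) pairs for a gzip-compressed site set."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for m in tar:
            name = m.name.removeprefix("./")
            # tar -p restores the numeric uid/gid recorded in the archive.
            # Assumption: everything in this set should be root:wheel (0:0).
            if m.uid != 0 or m.gid != 0:
                findings.append((name, f"owner {m.uid}:{m.gid} is not 0:0"))
            # The mode is restored as recorded too, so the execute bit
            # must already be set inside the archive.
            if name == "install.site" and not m.mode & 0o100:
                findings.append((name, f"mode {m.mode:04o} is not executable"))
            # Same mode as MOD="u=r,g=r,o=" in the script above.
            if name == "etc/sudoers" and m.mode & 0o7777 != 0o440:
                findings.append((name, f"mode {m.mode:04o} is not 0440"))
    return findings


def build_sample():
    """Constructed sample: a set packed by uid 1000, install.site left 0644."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, uid, gid in [
            ("./install.site", 0o644, 1000, 1000),
            ("./etc/sudoers", 0o440, 1000, 1000),
            ("./etc/motd", 0o644, 0, 0),
        ]:
            data = b"# constructed sample content\n"
            info = tarfile.TarInfo(name)
            info.mode, info.uid, info.gid = mode, uid, gid
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, problem in audit_site_set(build_sample()):
        print(f"{member}: {problem}")
```

To check a real set, pass an opened file instead of the sample: audit_site_set(open("siteXX.tgz", "rb")).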
