public inbox for gentoo-dev@lists.gentoo.org
* [gentoo-dev] Portage, kernel sources and setgid
From: Michał Górny @ 2010-04-03 17:11 UTC
  To: gentoo-dev

Hello,

I am using umask 027 on my Gentoo boxes, and setgid bit set on a few
directories crucial to userpriv-enabled merges. This way, I do not have
to worry about running e.g. layman through 'sg' or similar tools, as
all newly-created files inherit portage group ownership, and
newly-created directories inherit the setgid bit.

I would like to be able to use a similar solution for compiled kernel
sources, i.e. through setting the setgid bit on /usr/src. But in fact
it is impossible as portage forces setting its own permissions on all
installed files, thus newly-installed kernel sources do not inherit the
parent group ownership nor the setgid bit.

Now the question is: should such behaviour be considered really correct
and necessary? In my opinion, if a user sets setuid/setgid on a parent
directory, shklee knows what shklee is doing and emerge should not
override this system-specific ownership inheritance.

-- 
Best regards,
Michał Górny

<http://mgorny.alt.pl>
<xmpp:mgorny@jabber.ru>


* Re: [gentoo-dev] Portage, kernel sources and setgid
From: Zac Medico @ 2010-04-03 17:45 UTC
  To: gentoo-dev

On 04/03/2010 10:11 AM, Michał Górny wrote:
> Hello,
> 
> I am using umask 027 on my Gentoo boxes, and setgid bit set on a few
> directories crucial to userpriv-enabled merges. This way, I do not have
> to worry about running e.g. layman through 'sg' or similar tools, as
> all newly-created files inherit portage group ownership, and
> newly-created directories inherit the setgid bit.
> 
> I would like to be able to use a similar solution for compiled kernel
> sources, i.e. through setting the setgid bit on /usr/src. But in fact
> it is impossible as portage forces setting its own permissions on all
> installed files, thus newly-installed kernel sources do not inherit the
> parent group ownership nor the setgid bit.
> 
> Now the question is: should such behaviour be considered really correct
> and necessary? In my opinion, if a user sets setuid/setgid on a parent
> directory, shklee knows what shklee is doing and emerge should not
> override this system-specific ownership inheritance.
> 

Your issue seems somewhat related to this bug:

  http://bugs.gentoo.org/show_bug.cgi?id=141619

My first inclination is to use a configuration file for stuff like
this, since it's not really possible to distinguish ad hoc
permission modifications done by the user from incorrect permissions
that are due to other reasons such as faulty ebuilds. It would
probably also be a good idea to record file permissions in
/var/db/pkg/*/*/CONTENTS, so that we'd have some way to know when
permissions differ from those initially set by the ebuild, and a way
to detect collisions in directory permissions between 2 different
ebuilds that install files in the same directory.
-- 
Thanks,
Zac
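
The permission-recording idea from the reply above, as an added example that is not part of the thread and not Portage code: it reports directories for which two packages recorded different modes, and separates a change in the setuid/setgid/sticky bits only (such as an admin's chmod g+s) from a change to the rwx bits. The manifest layout, package names and function names are assumptions made for illustration.

```python
import os
import stat

# Hypothetical manifest {package: {directory: mode}}; this layout and the
# package names are constructed sample data, not an existing Portage format.
RECORDED = {
    "sys-kernel/example-sources-1": {"/usr/src": 0o755, "/usr/src/linux-1": 0o755},
    "sys-kernel/other-sources-2": {"/usr/src": 0o2750},
}

def observe(root):
    """Return {directory: permission bits incl. setuid/setgid/sticky} under root."""
    seen = {}
    for dirpath, _dirs, _files in os.walk(root):
        seen[dirpath] = stat.S_IMODE(os.lstat(dirpath).st_mode)
    return seen

def collisions(recorded):
    """Directories for which two packages recorded different modes."""
    by_dir = {}
    for pkg, dirs in recorded.items():
        for path, mode in dirs.items():
            by_dir.setdefault(path, {})[pkg] = mode
    return {p: m for p, m in by_dir.items() if len(set(m.values())) > 1}

def drift(expected, observed):
    """Compare recorded modes with live ones.

    'special-bits': only setuid/setgid/sticky differ (e.g. chmod g+s by an admin).
    'mode': the rwx bits differ as well.
    """
    special = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX
    report = {}
    for path, want in expected.items():
        have = observed.get(path)
        if have is None or have == want:
            continue  # directory not present, or unchanged
        kind = "special-bits" if (have & ~special) == (want & ~special) else "mode"
        report[path] = (kind, oct(want), oct(have))
    return report

if __name__ == "__main__":
    print(collisions(RECORDED))
    # Constructed case: recorded 0755, admin later set the setgid bit.
    print(drift({"/usr/src": 0o755}, {"/usr/src": 0o2755}))
```

On a live system, the second argument to drift() would be the result of observe() on the directory in question.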


