On Tue, 18 Oct 2011 20:45:50 +0200
Fabian Groffen <grobian@g.o> wrote:

> On 18-10-2011 20:34:12 +0200, Burcin Erocal wrote:
> > > > # Now we look for all world writable files. |
> > > > + if [ "${QA_SKIP_WRITABLE-unset}" == unset ] ; then |
> > > > local i |
> > > > for i in $(find "${D}/" -type f -perm -2); do |
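
Review bot: the guard on the added line expands ${QA_SKIP_WRITABLE-unset} without a colon, so any assignment, including an empty QA_SKIP_WRITABLE=, turns off the whole world-writable scan of ${D}. The variable is not documented anywhere in the visible lines and nothing is logged when the scan is skipped; I would suggest documenting it next to the comment above the check and printing a one-line notice on the skip path, so that a build with the check disabled is visible in the log.
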
> > >
> > > How would this work, if you changed the D into ED here? Checking
> > > files outside of our control is indeed not really useful.
> >
> > In that context, printing $D gives $PORTAGE_TMP/$CATEGORY/$P/image
> > in the prefix. Since these are the new files introduced by the
> > ebuild, I don't think we need to change that line. Note that this
> > is already in the portage sources and I didn't touch it. :)
>
> Ok, ED doesn't make a difference here. Can you explain why the host
> system is making world-writable files? What's its rationale to force
> that on you? Can't you really not just sanitise that (your umask?)

The message below wasn't distributed to gentoo-alt@, probably since
Alexander is not subscribed to the group.


Begin forwarded message:

Date: Wed, 19 Oct 2011 01:12:53 +0200
From: Alexander Dreyer <alexander.dreyer@×××××××××××××××.de>
To: Burcin Erocal <burcin@××××××.org>
Cc: gentoo-alt@l.g.o
Subject: Re: Fw: [gentoo-alt] permission test

Hi Burcin,
> can you provide more information about the file system that requires
> the change for the world writable check?
>
> I remember something about making files accessible to the group, but I
> don't think I can describe the reason sufficiently.
The file system itself is nothing special, but it is hosted by a
standalone file server which is exported to our Linux servers. But the
problem is not caused by a technical issue, but by a social one:

We have shared directories which can only be accessed by a certain
group of users. The access is managed by ACLs on the toplevel
directory, s.th. only permitted users gain access to the latter and its
child directories. Unfortunately the group of users is not a unix group
- this would not be possible because different projects gain various
combinations of people. So in order to allow collaboration, files have
to have world read/writable permissions.
(Anyway I do not have influence on this setup.)

You can change these permissions afterwards, but newly generated files
are world-writable in the first place (this is enforced by the file server).
Of course only formally, because the access is restricted by the
toplevel ACLs.

Please note that the problem only occurs for generated files, whose
permissions are never set (using chmod, install or untar suffices to
fix the issue). So I would consider this as a bug of those packages,
respectively.

BTW: I didn't try it out, but FAT-based USB drives often enforce
world-writable mounts also.

It would already help me a lot if the warning would not sleep for a
second.

My best,
Alexander
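
The check discussed in this thread, as an added example that is not part of the original messages and is not Portage's own code: a scan for world-writable files in an image directory that reports offenders without sleeping, next to a constructed sample showing that a generated file inherits 0666 while a file placed with install -m does not. QA_SKIP_WRITABLE comes from the quoted patch; the function names and the sample tree are assumptions.

```sh
#!/bin/sh
# Added example: world-writable scan of an install image directory.
# QA_SKIP_WRITABLE is the variable name from the quoted patch; the function
# names and the sample tree are assumptions made for this illustration.

# Print every regular file under $1 whose other-write bit is set.
list_world_writable() {
    # ${VAR-unset} (no colon) treats a set-but-empty variable as "set",
    # so QA_SKIP_WRITABLE= is enough to skip the scan, as in the patch.
    if [ "${QA_SKIP_WRITABLE-unset}" != unset ]; then
        echo "QA notice: world-writable check skipped" >&2
        return 0
    fi
    # -perm -0002 matches any mode that includes the other-write bit.
    # Letting find print the paths avoids the word splitting that
    # `for i in $(find ...)` applies to names containing spaces.
    find "$1" -type f -perm -0002 -print
}

# Number of offending files (assumes no newlines in file names).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Clear the other-write bit on every offender, report nothing.
fix_world_writable() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

# Build a constructed sample image and print its path.
make_sample_image() {
    d=$(mktemp -d) || return 1
    # Generated file whose mode is never set: created 0666 under umask 000,
    # standing in for the file server that forces permissive defaults.
    ( umask 000; : > "$d/generated log.txt" )
    # install -m sets the mode explicitly, whatever the umask is.
    ( umask 000; install -m 0644 /dev/null "$d/installed.conf" )
    echo "$d"
}
```

Only the generated file is reported; the installed one passes because its mode was set explicitly, which matches the observation in the forwarded message.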