| 1 |
On Tue, 18 Oct 2011 20:45:50 +0200 |
| 2 |
Fabian Groffen <grobian@g.o> wrote: |
| 3 |
|
| 4 |
> On 18-10-2011 20:34:12 +0200, Burcin Erocal wrote: |
| 5 |
> > > > # Now we look for all world writable files. |
| 6 |
> > > > + if [ "${QA_SKIP_WRITABLE-unset}" == unset ] ; then |
| 7 |
> > > > local i |
| 8 |
> > > > for i in $(find "${D}/" -type f -perm -2); do |
| 9 |
> > > |
| 10 |
> > > How would this work, if you changed the D into ED here? Checking |
| 11 |
> > > files outside of our control is indeed not really useful. |
| 12 |
> > |
| 13 |
> > In that context, printing $D gives $PORTAGE_TMP/$CATEGORY/$P/image |
| 14 |
> > in the prefix. Since these are the new files introduced by the |
| 15 |
> > ebuild, I don't think we need to change that line. Note that this |
| 16 |
> > is already in the portage sources and I didn't touch it. :) |
| 17 |
> |
| 18 |
> Ok, ED doesn't make a difference here. Can you explain why the host |
| 19 |
> system is making world-writable files? What's its rationale to force |
| 20 |
> that on you? Can't you really not just sanitise that (your umask?) |
| 21 |
|
| 22 |
The message below wasn't distributed to gentoo-alt@, probably since |
| 23 |
Alexander is not subscribed to the group. |
| 24 |
|
| 25 |
|
| 26 |
Begin forwarded message: |
| 27 |
|
| 28 |
Date: Wed, 19 Oct 2011 01:12:53 +0200 |
| 29 |
From: Alexander Dreyer <alexander.dreyer@×××××××××××××××.de> |
| 30 |
To: Burcin Erocal <burcin@××××××.org> |
| 31 |
Cc: gentoo-alt@l.g.o |
| 32 |
Subject: Re: Fw: [gentoo-alt] permission test |
| 33 |
|
| 34 |
|
| 35 |
Hi Burcin, |
| 36 |
> can you provide more information about the file system that requires |
| 37 |
> the change for the world writable check? |
| 38 |
> |
| 39 |
> I remember something about making files accessible to the group, but I |
| 40 |
> don't think I can describe the reason sufficiently. |
| 41 |
The file system itself is nothing special, but it is hosted by a |
| 42 |
standalone file server which is exported to our Linux servers. But the |
| 43 |
problem is not cause by a technical issue, but by a social one: |
| 44 |
|
| 45 |
We have shared directories which can only be accessed by a certain |
| 46 |
group of users. The access is managed by ACLs on the toplevel |
| 47 |
directory, s.th. only permitted users gain access to the latter and its |
| 48 |
child directories. Unfortunately the group of users is not a unix group |
| 49 |
- this would not be possible because different projects gain various |
| 50 |
combinations of people. So in order to allow collaboration, files have |
| 51 |
to have world read/writable permissions. |
| 52 |
(Anyway I do not have influence on this setup.) |
| 53 |
|
| 54 |
You can change these permissions afterwards, but newly generated files |
| 55 |
are world-writable in the first (this is enforced by the file server). |
| 56 |
Of course only formally, because the access is restricted by the |
| 57 |
toplevel ACLs. |
| 58 |
|
| 59 |
Please note, that the problem only occurs for generated files, whose |
| 60 |
permissions are never set (using chmod, install or untar sufficies to |
| 61 |
fix the isuue). So I would consider this as a bug of those packages, |
| 62 |
respectively. |
| 63 |
|
| 64 |
BTW: I didn't try out, but FAT-based USB drives often enforce |
| 65 |
world-writable mounts also. |
| 66 |
|
| 67 |
It would already help me a lot, if the warning would not sleep for a |
| 68 |
second. |
| 69 |
|
| 70 |
My best, |
| 71 |
Alexander |
Archives