Gentoo Archives: gentoo-dev

From: Zac Medico <zmedico@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Portage, kernel sources and setgid
Date: Sat, 03 Apr 2010 17:45:03
In Reply to: [gentoo-dev] Portage, kernel sources and setgid by "Michał Górny"
On 04/03/2010 10:11 AM, Michał Górny wrote:
> Hello,
>
> I am using umask 027 on my Gentoo boxes, and setgid bit set on a few
> directories crucial to userpriv-enabled merges. This way, I do not have
> to worry about running e.g. layman through 'sg' or similar tools, as
> all newly-created files inherit portage group ownership, and
> newly-created directories inherit the setgid bit.
>
> I would like to be able to use a similar solution for compiled kernel
> sources, i.e. through setting the setgid bit on /usr/src. But in fact
> it is impossible as portage forces setting its own permissions on all
> installed files, thus newly-installed kernel sources do not inherit the
> parent group ownership nor the setgid bit.
>
> Now the question is: should such behaviour be considered really correct
> and necessary? In my opinion, if user sets setuid/setgid on a parent
> directory, shklee knows what shklee is doing and emerge should not
> override this system-specific ownership inheritance.
>

Your issue seems somewhat related to this bug:

My first inclination is to use a configuration file for stuff like
this, since it's not really possible to distinguish ad hoc
permission modifications done by the user from incorrect permissions
that are due to other reasons such as faulty ebuilds. It would
probably also be a good idea to record file permissions in
/var/db/pkg/*/*/CONTENTS, so that we'd have some way to know when
permissions differ from those initially set by the ebuild, and a way
to detect collisions in directory permissions between 2 different
ebuilds that install files in the same directory.
--
Thanks,
Zac
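
The two checks proposed in the reply above (permissions that differ from what was recorded, and two packages disagreeing about a shared directory), sketched as an added example that is not part of the original message and not Portage code. The in-memory manifest layout, the function names, gid 250 and the sample paths are all assumptions made for illustration; this is not the CONTENTS file format.

```python
import os
import stat
import tempfile


def _entry(path):
    st = os.lstat(path)  # lstat: describe a symlink itself, not its target
    return (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)


def snapshot(root):
    """Map every path under root (relative to it) to (mode bits, uid, gid)."""
    manifest = {".": _entry(root)}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            manifest[os.path.relpath(path, root)] = _entry(path)
    return manifest


def drift(recorded, current):
    """(path, recorded, current) for each path whose mode or owner changed."""
    return [(p, want, current[p]) for p, want in sorted(recorded.items())
            if p in current and current[p] != want]


def lost_setgid(recorded, current):
    """Paths that had the setgid bit when recorded and no longer carry it."""
    return [p for p, want, have in drift(recorded, current)
            if want[0] & stat.S_ISGID and not have[0] & stat.S_ISGID]


def dir_collisions(pkg_a, pkg_b):
    """Paths two packages both record, but with different mode or owner."""
    return sorted(p for p in pkg_a.keys() & pkg_b.keys() if pkg_a[p] != pkg_b[p])


if __name__ == "__main__":
    # Constructed records: gid 250 and the paths are sample values.
    recorded = {"usr/src": (0o2750, 0, 250), "usr/src/Makefile": (0o640, 0, 250)}
    current = {"usr/src": (0o755, 0, 0), "usr/src/Makefile": (0o640, 0, 250)}
    print("lost setgid:", lost_setgid(recorded, current))
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "src")
        os.mkdir(target)
        os.chmod(target, 0o750)
        before = snapshot(root)
        os.chmod(target, 0o755)
        for path, want, have in drift(before, snapshot(root)):
            print(f"{path}: {want[0]:o} -> {have[0]:o}")
```

Taking a snapshot before a merge and comparing it afterwards shows which directories lost a locally set setgid bit or group, which is the situation described in the quoted message.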