On Fri, 18 Oct 2013 14:07:40 +0200
"Leslie P. Polzer | PORT ZERO" <polzer_at_port-zero.com> wrote:
> I've picked up the old mlocate package in testing, bumped
> it to 0.26 and added subpackages and some more amendments.
> For security reasons mlocate should use its own group for
> its setgid binary "locate" and its datadir.
> Putting chgrp calls into the post-install script is frowned
> upon, but the intended group ("locate") does not exist at
> build time. Other packages like bind seem to have their groups
> defined in /etc/group in the base install.
> How should this be handled? I did notice that there is a
> group "slocate" in the default install. Should this be used?
I suppose we could rename slocate to 'locate' in the base install which
sounds like a more sensible group name.
In any case, since the group has not been there from before, the
pre-install script should try create the group and ignore errors if it
Since the dir should be created and set correct permissions by apk the
group needs to exist build time (so we can set permissions in tar
to do that, add this to the APKBUILD:
and during package:
make install DESTDIR="$pkgdir" blabla...
chgrp locate "$pkgdir"/var/lib/the/databasedir
chmod g+s (or something) "$pkgdir"/var/blah
The point is that you set ownership and permissions directly from
Then you can verify that it was set correctly with:
tar -ztvf mlocate-<version>.apk
Received on Fri Oct 18 2013 - 15:34:01 UTC