Discussion:
Permissions and ownership of files
Tanguy Ortolo
2010-03-02 09:54:33 UTC
Permalink
Hello,

I have started co-maintaining a webapp package, dokuwiki.

This webapp stores dynamic data – possibly private – on the file system.
I could not find this case on the webapp draft manual (to be added?),
but this directory is currently
www-data:root 0700 /var/lib/dokuwiki/data

It also includes a page for plugin management, that allows to add
components to the webapp. I think this can be considered as dynamic
data:
www-data:root 0755 /var/lib/dokuwiki/plugins

Finally, it also includes a web page for configuration management. This
case is documented in the draft manual:
root:www-data 0664 /etc/dokuwiki/local.php

However, giving write access to the configuration, and specially to the
plugins – that modify the application behaviour –, seems quite sensitive
to me. In addition, the webapp is still usable and manually manageable
without such rights. So I am thinking about using debconf to ask the
user whether he wants to allow it. For the configuration, it results in
a chown/chmod in the postinst. For the plugins, I think it requires a
dpkg-statoverride. Do you know examples of such uses?

Regards,
--
Tanguy Ortolo
sean finney
2010-03-02 18:05:53 UTC
Permalink
hi,
Post by Tanguy Ortolo
This webapp stores dynamic data – possibly private – on the file system.
I could not find this case on the webapp draft manual (to be added?),
but this directory is currently
www-data:root 0700 /var/lib/dokuwiki/data
It also includes a page for plugin management, that allows to add
components to the webapp. I think this can be considered as dynamic
www-data:root 0755 /var/lib/dokuwiki/plugins
Finally, it also includes a web page for configuration management. This
root:www-data 0664 /etc/dokuwiki/local.php
i think that all seems pretty reasonable.
Post by Tanguy Ortolo
However, giving write access to the configuration, and specially to the
plugins – that modify the application behaviour –, seems quite sensitive
to me. In addition, the webapp is still usable and manually manageable
without such rights. So I am thinking about using debconf to ask the
user whether he wants to allow it. For the configuration, it results in
a chown/chmod in the postinst. For the plugins, I think it requires a
dpkg-statoverride. Do you know examples of such uses?
i think it's a good idea. i have some vague memory that there's another
package in the archive that does something with a script to go back
and forth between "editing" and "not editing" modes. i also suspect
you can avoid needing to use dpkg-statoverride, if you're only talking
about conffiles since their permissions are automatically preserved
across updates.


sean

--
Tanguy Ortolo
2010-03-02 18:19:33 UTC
Permalink
i also suspect you can avoid needing to use dpkg-statoverride, if
you're only talking about conffiles since their permissions are
automatically preserved across updates.
But I am not only talking about conffiles: I also have plugins. The
webapp itself is provided with a set of core plugins, and the user can
– and certainly will, as this is one of DokuWiki's greatest advantages –
add other plugins to change the webapp's behaviour, either by putting
them by hand on /var/lib/dokuwiki/plugins, or by adding them through a
plugin management web page. Here, I think dpkg-statoverride is
necessary.
--
Tanguy Ortolo
Loading...