Re: [Ltib] World writable dirs in ltib


From: Stuart Hughes
Subject: Re: [Ltib] World writable dirs in ltib
Date: Fri, 10 Jul 2009 11:41:50 +0100
User-agent: Thunderbird 2.0.0.16 (X11/20080707)

Svein Seldal wrote:
Stuart Hughes wrote:
My core point is that I propose a fix where you don't need 777 permissions on either of these directories.

The patch for rpm-fs*.rpm does not set the permissions for the two areas above to root (with 777). Instead it will use the owner of the build user for these directories. This ensures that the dirs will work when you're on a single user machine (which most are, I guess). For those of us on multiuser machines, the sysop would need to change the permissions accordingly.

Next the patch for ltib properly tests the access to pkg cache (by using access() instead of just looking at the file permissions). And it will not change the permissions in case of wrong access.


I will take another look at these and get back to you.

Would you please consider the patch for the ltib at least. It does the following tests for the lpp:

   1) -e  and mkdir if not
   2) -d  and die if not (in case the file does exist as something else)
   3) -r and -w  using access()

The latter is my most important and prudent point. -r and -w will by default only check the user r and w bits of the file's permissions. So will stat(). By instructing Perl to use access(), it can check whether the user really has -r or -w access (via ACL or by group/world permissions).

However, without going into a discussion, I would not recommend doing a chmod in case no. 3) fails.



How about the attached patch?

Regards, Stuart


Index: ltib
===================================================================
RCS file: /sources/ltib/ltib/ltib,v
retrieving revision 1.39
diff -u -r1.39 ltib
--- ltib        10 Jul 2009 10:06:05 -0000      1.39
+++ ltib        10 Jul 2009 10:40:01 -0000
@@ -2513,17 +2513,29 @@
  $cf->{lpp}
 
 Either change to a global directory you have write permissions to,
-or create it as root.  Please set the permissions to 777
+or create it as root.  Please set the permissions to 777, or something
+that will enable you and anyone else working on this machine to
+be able to create files in that directory.
 
 TXT
     }
-    my $lpp_mode = (stat("$cf->{lpp}"))[2];
-    unless( ($lpp_mode & 040777) == 040777 ) {
-        chmod(0777, $cf->{lpp}) == 1  or die <<TXT;
+    if(! -d $cf->{lpp} ) {
+        die <<TXT;
 
-Build script aborting as the lpp directory is not configured properly.
-Directory: $cf->{lpp} must exist with read, write, and search
-permissions for owner, group, and world, i.e. drwxrwxrwx
+The download area (lpp): $cf->{lpp} exists but is not a directory.
+
+The default download area normally set to $cf->{defpfx}/pkgs.
+If you have changed this, please carefully re-check this setting.
+
+TXT
+    }
+    use filetest 'access';
+    unless(-w $cf->{lpp} && -r $cf->{lpp}) {
+        die <<TXT;
+
+Build script aborting as the lpp download directory is not configured properly.
+This directory: $cf->{lpp}
+must have read, write, and search permissions for the user: $cf->{username} 
 
 TXT
     }
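
Review bot: the new test `unless(-w $cf->{lpp} && -r $cf->{lpp})` never checks `-x`, although the die text directly below it says the directory must have read, write, and search permissions; add `-x $cf->{lpp}` to the condition so a directory without the search bit is rejected here rather than failing later when a file is created in it. The help text at the top of the hunk still recommends 777, and a world-writable directory without the sticky bit lets any local user remove or replace packages another user downloaded; consider recommending a group-writable directory or 1777 instead. `use filetest 'access';` is lexically scoped, so at this position it applies to the rest of the enclosing block; wrapping the pragma and the test in their own braces would make that scope explicit. In the new message, "The default download area normally set to" is missing "is".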
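
The three lpp checks listed in the message rest on the difference between reading mode bits and asking access(). The following added example (not part of the ltib patch or of ltib itself) runs both tests over constructed scratch directories; the sub names `mode_test` and `access_test` and the directory names are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example, not ltib code: old mode-bit test vs. an access()-based test.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Old behaviour: the directory must be drwxrwxrwx, whoever is asking.
sub mode_test {
    my ($dir) = @_;
    my $mode = (stat($dir))[2];
    return (($mode & 040777) == 040777) ? 1 : 0;
}

# Proposed behaviour: ask the kernel whether *this* user can read, write
# and search the directory (covers owner, group, world and ACL grants).
sub access_test {
    my ($dir) = @_;
    use filetest 'access';    # lexically scoped: only affects this sub
    # Name the path in every test: with filetest 'access' the "_" stat
    # cache is not refreshed by -r/-w/-x.
    return (-d $dir && -r $dir && -w $dir && -x $dir) ? 1 : 0;
}

# Constructed sample input: scratch directories standing in for the lpp.
my $base = tempdir(CLEANUP => 1);
printf("%-6s %-10s %-12s\n", 'mode', 'mode_test', 'access_test');
for my $perm (0777, 01777, 0770, 0700, 0500) {
    my $dir = sprintf('%s/lpp-%04o', $base, $perm);
    mkdir($dir)              or die "mkdir $dir: $!";
    chmod($perm, $dir) == 1  or die "chmod $dir: $!";
    printf("%04o   %-10d %-12d\n", $perm, mode_test($dir), access_test($dir));
}
```

Run it as an unprivileged user: for root, access() succeeds regardless of the mode bits, so every row passes `access_test`.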
