X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Message-ID: <48AC47CC.4060308@cwilson.fastmail.fm>
Date: Wed, 20 Aug 2008 12:35:24 -0400
From: Charles Wilson <cygwin AT cwilson DOT fastmail DOT fm>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080708 Thunderbird/2.0.0.16 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: [ANNOUNCEMENT] Updated: csih-0.1.7-1
References: <announce DOT 48A789B6 DOT 3010103 AT cwilson DOT fastmail DOT fm> <48A78C6F DOT 2050403 AT cwilson DOT fastmail DOT fm> <20080820134209 DOT GN29104 AT calimero DOT vinschen DOT de>
In-Reply-To: <20080820134209.GN29104@calimero.vinschen.de>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Corinna Vinschen wrote:
> I would like to propose to do all the work in the csih script, like
> this:
> 
>   csih_make_dir "${LOCALSTATEDIR}/run"
>   chmod 1777 "${LOCALSTATEDIR}/run"
>   csih_make_dir "${LOCALSTATEDIR}/log"
>   chmod 1777 "${LOCALSTATEDIR}/log"
>   csih_make_dir "${LOCALSTATEDIR}/empty"
>   chmod 755 "${LOCALSTATEDIR}/empty"
>   [... checking permissions ...]
>   csih_make_dir "${SYSCONFDIR}"
>   chmod 755 "${LOCALSTATEDIR}/etc"
               ^^^^^^^^^^^^^^^^^^^^^
I assume you mean "${SYSCONFDIR}" here.  However, if the chmod command
itself fails, that should not be an error, because this code is in
_csih_setup -- which is always run by the major entry points.

including those that might be called by user-config scripts, which are
typically run without elevated privilege.

So, if I try to chmod and the command itself fails -- but the
permissions are still okay, then I shouldn't have an error.

> The /var dirs are now (setup 2.609) created with 01777 permissions
> anyway, but it can't hurt to keep this code in.  The 01777 permissions
> make sure that all daemons can create their files in /var/run, /var/log.
> 
> The code in /bin/ssh-host-config would go away entirely.  The script
> would also test for the *next* csih version 0.1.8.

Sure, that works. Try the following.  I hesitate to actually release
0.1.8 until you finish your testing cycle with the new openssh. Let's
coordinate the release(s).

--
Chuck



--- cygwin-service-installation-helper.sh	17 Aug 2008 01:44:43 -0000	1.12
+++ cygwin-service-installation-helper.sh	20 Aug 2008 16:29:09 -0000
@@ -2030,11 +2030,18 @@
     then
       csih_error "Problem with ${LOCALSTATEDIR} directory. Exiting."
     fi
-
+
+    # attempt to set permissions, but not an error if fail
+    # will verify that we actually HAVE correct permissions below.
     csih_make_dir "${LOCALSTATEDIR}/run"
+    chmod 1777 "${LOCALSTATEDIR}/run" || /bin/true
+
     csih_make_dir "${LOCALSTATEDIR}/log"
+    chmod 1777 "${LOCALSTATEDIR}/log" || /bin/true
+
     csih_make_dir "${LOCALSTATEDIR}/empty"
-
+    chmod 755 "${LOCALSTATEDIR}/empty" || /bin/true
+
     # daemons need write access to /var/run to create pid file
     if ! csih_check_access "${LOCALSTATEDIR}/run" .w.
     then
@@ -2055,7 +2062,8 @@
     # script to explicitly check accees to the specific configuration
     # files inside /etc...
     csih_make_dir "${SYSCONFDIR}"
-
+    chmod 755 "${LOCALSTATEDIR}/etc" || /bin/true
+
     _csih_setup_already_called=1
   fi
 } # === End of _csih_setup() === #

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/