FS#7947 - lighttpd changed my permissions on /

Attached to Project: Arch Linux
Opened by Adam Štrauch (Cx) - Monday, 03 September 2007, 13:20 GMT
Last edited by Pierre Schmitz (Pierre) - Monday, 14 July 2008, 01:34 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Tobias Kieslich (tobias)
Pierre Schmitz (Pierre)
Architecture All
Severity Critical
Priority Normal
Reported Version 2007.08 Don't Panic
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Hallo

After upgrade my system today i lost every permissions on my / :( Lighttpd contains script for changing permissions on document-root and temporarily i set it on / and i did't know about it :( Is it really necessary to change permissions on package which is just upgrated?

P.S. Sorry for my english.
This task depends upon

Closed by  Pierre Schmitz (Pierre)
Monday, 14 July 2008, 01:34 GMT
Reason for closing:  Fixed
Additional comments about closing:  removed "magic" from install script
Comment by Pierre Schmitz (Pierre) - Tuesday, 04 September 2007, 13:47 GMT
Using / as document root is a very bad idea anyway. So I don`t think this is a packaging issue.
Comment by Adam Štrauch (Cx) - Tuesday, 04 September 2007, 14:05 GMT
Yes, it is, i shame :( I hadn't it on my eyes, i use simple vhost and document-root not. But the package change owner in running system, it is not good. If i set owner for my files, then set document-root to this files so after upgrade it will not be my files.
Comment by Georg Grabler (STiAT) - Friday, 14 September 2007, 07:22 GMT
In my opinion, the install script should be able to handle any document root given.

Also, adam, please attach the patch you created for this issue (as we talked on jabber lately), so we can have a look at it.

Thanks,
Georg
Comment by Georg Grabler (STiAT) - Friday, 14 September 2007, 07:47 GMT
Hmh, i'm just thinking about if it's the "best choice" anyway to fetch the data out of the configuration, or just leave it as it is. I wouldn't like of any of those scripts updates my files, which might be considered for a different use.
Comment by Dan McGee (toofishes) - Wednesday, 09 January 2008, 18:46 GMT
Updating files seems like a bad idea...I would highly recommend the install script didn't do this. The user really can figure out how to configure it, no?
Comment by Adam Štrauch (Cx) - Thursday, 10 January 2008, 10:53 GMT
Yes... may be i would kill upgrade script (same as install).
Comment by Mark Taylor (skymt) - Saturday, 03 May 2008, 22:31 GMT
I did a little refactoring to lighttpd.install. The warning message is now in a separate function, removing the need to call post_install from post_upgrade. Now the permissions changes are only applied on install. If the user changes document-root and forgets to fix the permissions, it's his own fault. ;)
   lighttpd.install (2.8 KiB)
Comment by Mark Taylor (skymt) - Saturday, 03 May 2008, 22:33 GMT
Uh, use this one instead. I missed a bracket in the first.
   lighttpd.install (2.8 KiB)
Comment by Glenn Matthys (RedShift) - Tuesday, 17 June 2008, 09:34 GMT
Why does the .install file modify directory permissions directly on the target system? This looks like a very invasive .install script, the kind we don't want.
Comment by Gavin Bisesi (Daenyth) - Tuesday, 08 July 2008, 02:41 GMT
The .install script seems to still be not updated.
Comment by Tobias Kieslich (tobias) - Tuesday, 08 July 2008, 04:01 GMT
Actually, I just passed on the responsibility for this package to pierre an he wants to make some big changes, aka less magic in the install script and no /home/lighttpd anymore instead it will reflect the cahnges he made to the apache package already. So I think we will finally see some progress here.

Loading...