Hi Morty,
On Di 19 Jul 2011 12:57:57 CEST Moritz Struebe wrote:
A first implementation of the setgid version of x2gosqlitewrapper is now in Git. After a package upgrade your installation should look like this (uidNumber and gidNumber < 1000, but arbitrary):
It might be helpful if you branch first, and clean up before applying patches to master. There are quite a few "fix again"-commits that are rather confusing and makes reviewing rather complicated. I now just diffed against the version from Jul 14. Here are some comments:
Yes, you are right on this. Sorrry for just committing on top of master...
x2goserver/lib/x2gosqlitewrapper.pl: I don't like the reuse of variable names. But this is religion.
Yes, I get that. Feel free to change that.
x2goserver/sbin/x2godbadmin: What is the user context this is run in. Don't we have to do a chgroup, rather then chwon??
The x2godbadmin is run as root (from x2goserver.postinst, e.g.).
debian/x2goserver.postinst(22+): Is running those commands "|| true" ok? Shouldn't they fail if they fail?
This is for later versions of the package that may not have
x2gosqlitewrapper as a file anymore, but still needs to modify the
dpkg-statoverride state. I'd rather like the idea of ignoring failures
at this point as opposed to causing failures during dpkg --install...
debian/x2goserver.postinst(53): This can probably be "chmod 0750 /var/db/x2go" - But we can leave it, I think.
I had thought that, as well. However, I was lucky and caught the
Perl-Sqlite thingy to create a file like this
-rwxr-xr-x mike x2gouser x2go_session-journal
as a temporary file. For this file to be created we need group write
privileges on the /var/db/x2go folder.
debian/x2goserver.postinst: I don't totally understand the dpkg-statoverride-stuff. But maybe someone else can have a look.
The basic idea is to remove all dpkg-statoverride entries that have
been previously introduced by the x2goserver package. This
unfortunately also includes my approach a couple of days age (setuid
on the old Perl script /usr/bin/x2gosqlitewrapper _and_ setuid on the
new Perl script /usr/lib/x2go/x2gosqlitewrapper.pl).
Cheers Morty
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...