[X2go-Dev] x2goserver package with setuidwrapper
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Tue Jul 19 13:28:36 CEST 2011
Hi Morty,
On Di 19 Jul 2011 12:57:57 CEST Moritz Struebe wrote:
>> A first implementation of the setgid version of x2gosqlitewrapper is
>> now in Git. After a package upgrade your installation should look like
>> this (uidNumber and gidNumber < 1000, but arbitrary):
>>
>
> It might be helpful if you branch first, and clean up before applying
> patches to master. There are quite a few "fix again"-commits that are
> rather confusing and makes reviewing rather complicated. I now just
> diffed against the version from Jul 14. Here are some comments:
Yes, you are right on this. Sorrry for just committing on top of master...
> x2goserver/lib/x2gosqlitewrapper.pl: I don't like the reuse of variable
> names. But this is religion.
Yes, I get that. Feel free to change that.
> x2goserver/sbin/x2godbadmin: What is the user context this is run in.
> Don't we have to do a chgroup, rather then chwon??
The x2godbadmin is run as root (from x2goserver.postinst, e.g.).
> debian/x2goserver.postinst(22+): Is running those commands "|| true" ok?
> Shouldn't they fail if they fail?
This is for later versions of the package that may not have
x2gosqlitewrapper as a file anymore, but still needs to modify the
dpkg-statoverride state. I'd rather like the idea of ignoring failures
at this point as opposed to causing failures during dpkg --install...
> debian/x2goserver.postinst(53): This can probably be "chmod 0750
> /var/db/x2go" - But we can leave it, I think.
I had thought that, as well. However, I was lucky and caught the
Perl-Sqlite thingy to create a file like this
-rwxr-xr-x mike x2gouser x2go_session-journal
as a temporary file. For this file to be created we need group write
privileges on the /var/db/x2go folder.
> debian/x2goserver.postinst: I don't totally understand the
> dpkg-statoverride-stuff. But maybe someone else can have a look.
The basic idea is to remove all dpkg-statoverride entries that have
been previously introduced by the x2goserver package. This
unfortunately also includes my approach a couple of days age (setuid
on the old Perl script /usr/bin/x2gosqlitewrapper _and_ setuid on the
new Perl script /usr/lib/x2go/x2gosqlitewrapper.pl).
> Cheers
> Morty
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20110719/0788b323/attachment.pgp>
More information about the x2go-dev
mailing list