Ian Pratt
2005-Dec-01 13:58 UTC
RE: [Xen-devel] [PATCH] install.sh: install as root with reasonable permissions
> Currently install.sh doesn't change the source tree, which is
> a good thing. This allows it to be run by root when the tree
> is on a root squashing NFS export. If the permissions need
> fixing, can we do it during the build instead?

I think the best solution is to have the install script leave the dist/install tree unmodified, but to fix up the permissions/ownership on the destination. The easiest way of doing this may be to copy everything to /tmp, fixup, and then install.

Ian

> cheers,
> robert
>
> On Nov 30, 2005, at 16:33, Horms wrote:
>
> > Hi,
> >
> > The topic of creating uninstall.sh came up recently, so I thought I'd
> > throw this install.sh patch into the ring.
> >
> > I noticed when running install.sh as non-root with a custom umask of
> > 0077, that amongst other things /lib became owned by my userid with
> > mode 0700.
> > Which was not an entirely expected or desirable outcome.
> >
> > The patch below attempts to make install.sh install files as root,
> > with the permissions that would be created if umask is 0022. That is,
> > directories are at least mode 755, and files are at least mode 644.
> > It's a bit crude, but seems at the very least to be an improvement on
> > the current situation.
> >
> > An improvement would be to make sure that files are installed into
> > install/ with the permissions that they should ultimately be installed
> > into /root with. This would require somewhat more extensive changes
> > than the chown effected below.
> >
> > --
> > Horms
> >
> >
> > # HG changeset patch
> > # User Horms <horms@verge.net.au>
> > # Node ID 1b6ef5cde5b123b86f1a11f0709d4b1347d47ce1
> > # Parent 37d3e34dfdac009eac2bb040ff79ae711b2d50f9
> > Make sure files are installed as root with reasonable permissions
> >
> > * Fix the permissions in $src, as in some cases,
> > particularly in lib and user/lib/python, they will
> > have been created with the prevailing umask.
> > After install this umask will cover /lib and /usr/lib/python, > > and if the umask is restrictive, this will cause all > > sorts of weird failures. > > * Make sure files are installed using tar are installed as root.root > > > > Signed-Off-By: Horms <horms@verge.net.au > > > > diff -r 37d3e34dfdac -r 9570d0b15d6e install.sh > > --- a/install.sh Sat Nov 26 11:37:18 2005 > > +++ b/install.sh Mon Nov 28 02:56:54 2005 > > @@ -22,8 +22,11 @@ > > exit 1 > > fi > > > > +echo "Fixing permissions in ''$src/lib''" > > +find $src | xargs chmod a+rX > > + > > echo "Installing Xen from ''$src'' to ''$dst''..." > > -(cd $src; tar -cf - --exclude etc/init.d --exclude etc/hotplug -- > > exclude etc/udev * ) | tar -C $dst -xf - > > +(cd $src; tar -cf - --owner 0 --group 0 --exclude etc/init.d -- > > exclude etc/hotplug --exclude etc/udev * ) | tar -C $dst -xf - cp > > -fdRL $src/etc/init.d/* $dst/etc/init.d/ echo "All done." > > > > diff -r 37d3e34dfdac -r 1b6ef5cde5b1 install.sh > > --- a/install.sh Sat Nov 26 11:37:18 2005 > > +++ b/install.sh Mon Nov 28 02:58:09 2005 
> > @@ -22,8 +22,11 @@ > > exit 1 > > fi > > > > +echo "Fixing permissions in ''$src''" > > +find $src | xargs chmod a+rX > > + > > echo "Installing Xen from ''$src'' to ''$dst''..." > > -(cd $src; tar -cf - --exclude etc/init.d --exclude etc/hotplug -- > > exclude etc/udev * ) | tar -C $dst -xf - > > +(cd $src; tar -cf - --owner 0 --group 0 --exclude etc/init.d -- > > exclude etc/hotplug --exclude etc/udev * ) | tar -C $dst -xf - cp > > -fdRL $src/etc/init.d/* $dst/etc/init.d/ echo "All done."
_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
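Review bot: `find $src | xargs chmod a+rX`, added in both quoted diffs, leaves $src unquoted and hands the names to xargs split on whitespace, so a path containing a space or newline is chmod'ed as several wrong names; `chmod -R a+rX "$src"` does the same walk without the pipeline. The line also writes to the build tree, which is the objection raised in the reply about root-squashing NFS exports, and in the first diff the echo names '$src/lib' while the find covers all of $src.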
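Review bot: The `chmod a+rX` placed ahead of the tar pipeline only sets bits, so the "at least mode 755 / 644" result keeps any group or other write bits left by a permissive build umask, and `--owner 0 --group 0` on the creating tar then records those files as root-owned. If the target is what umask 0022 would have produced, the mode change has to clear as well as set, for example `u+rwX,go+rX,go-w`. The unchanged `cp -fdRL $src/etc/init.d/* $dst/etc/init.d/` context line sits outside the tar pipeline, so the ownership options do not reach the files it copies.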
Horms
2005-Dec-02 02:25 UTC
[Xen-devel] Re: [PATCH] install.sh: install as root with reasonable permissions
Ian Pratt <m+Ian.Pratt@cl.cam.ac.uk> wrote:
>> Currently install.sh doesn't change the source tree, which is
>> a good thing. This allows it to be run by root when the tree
>> is on a root squashing NFS export. If the permissions need
>> fixing, can we do it during the build instead?
>
> I think the best solution is to have the install script leave the
> dist/install tree unmodified, but to fix up the permissions/ownership on
> the destination. The easiest way of doing this may be to copy everything
> to /tmp, fixup, and then install.

Hi Ian,

I played around with a few other ideas and I think that the /tmp option is a clean and easy solution. Here is a patch that does this.

# HG changeset patch
# User Horms <horms@verge.net.au>
# Node ID 651f32f67427ebb167eb2b6d921182bb21da2a7b
# Parent 340bec28050f360b9d800fb354abfd6b5ee80bd2
[INSTALL] Fix owner and permissions for installed files

Make sure that installed files have sensible permissions and are owned by the user running install, presumably root. Without this patch, if the user that does the build has a restrictive umask, say 0077, and the install is done into /, then /lib, will become only accessible to that user.

Signed-Off-By: Horms <horms@verge.net.au>

diff -r 340bec28050f -r 651f32f67427 install.sh --- a/install.sh Fri Dec 2 02:16:21 2005 +++ b/install.sh Fri Dec 2 02:21:15 2005
@@ -22,19 +22,25 @@ exit 1 fi +tmp="`mktemp -d`" + echo "Installing Xen from ''$src'' to ''$dst''..." -(cd $src; tar -cf - --exclude etc/init.d --exclude etc/hotplug --exclude etc/udev * ) | tar -C $dst -xf - -cp -fdRL $src/etc/init.d/* $dst/etc/init.d/ +(cd $src; tar -cf - --exclude etc/init.d --exclude etc/hotplug --exclude etc/udev * ) | tar -C "$tmp" -xf - +cp -fdRL $src/etc/init.d/* "$tmp"/etc/init.d/ echo "All done." [ -x "$(which udevinfo)" ] && \ UDEV_VERSION=$(udevinfo -V | sed -e ''s/^[^0-9]* \([0-9]\{1,\}\)[^0-9]\{0,\}/\1/'') if [ -n "$UDEV_VERSION" ] && [ $UDEV_VERSION -ge 059 ]; then - cp -f $src/etc/udev/rules.d/*.rules $dst/etc/udev/rules.d/ + cp -f $src/etc/udev/rules.d/*.rules "$tmp/etc/udev/rules.d/" else - cp -f $src/etc/hotplug/*.agent $dst/etc/hotplug/ + cp -f $src/etc/hotplug/*.agent "$tmp/etc/hotplug/" fi + +chmod -R a+rX "$tmp" +(cd $tmp; tar -cf - *) | tar --no-same-owner -C "$dst" -xf - +rm -r "$tmp" echo "Checking to see whether prerequisite tools are installed..." cd $src/../check
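Review bot: The result of `tmp="`mktemp -d`"` is never checked, and the later `(cd $tmp; tar -cf - *)` leaves $tmp unquoted and chains with `;`, so if mktemp fails and the script carries on, $tmp is empty, the bare `cd` lands in the caller's home directory and the tar pipeline unpacks that into "$dst". Exit when mktemp fails and write `cd "$tmp" &&`. The staged `cp` targets "$tmp"/etc/init.d/, "$tmp/etc/udev/rules.d/" and "$tmp/etc/hotplug/" are the same paths the first tar excludes, so nothing creates them in the fresh staging directory and they need a `mkdir -p` first. `chmod -R a+rX "$tmp"` only adds bits, so group or other write bits from the build survive into "$dst", and a `trap` that removes "$tmp" would cover an early exit.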
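The staging approach suggested and then adopted in this thread, as an added shell example that is not part of install.sh or of either patch: it builds a constructed tree under umask 0077 and 0000, installs it through a temporary directory, and prints the source and installed modes. The names staged_install, mode_of and demo, and the demo file names, are hypothetical.

```shell
#!/bin/sh
# Added example (not from install.sh): stage, normalise modes, then install.
# staged_install, mode_of and demo are hypothetical names.

# Print the symbolic mode of a path, e.g. drwxr-xr-x.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# staged_install SRC DST: copy SRC into a private staging directory, fix the
# modes there (SRC is never written to), then unpack the result into DST.
staged_install() {
    src=$1
    dst=$2
    # Stop if no staging directory was created: with an empty $tmp a bare
    # "cd" would land in $HOME and the wrong tree would be installed.
    tmp=$(mktemp -d) || return 1
    if (cd "$src" && tar -cf - ./*) | tar -C "$tmp" -xpf -; then
        # Add read/search for everyone and clear group/other write, which
        # is what a build under umask 0022 would have produced.
        chmod -R u+rwX,go+rX,go-w "$tmp"/*
        # -p keeps the fixed modes regardless of the installer's umask;
        # --no-same-owner makes the installing user the owner.
        (cd "$tmp" && tar -cf - ./*) | tar --no-same-owner -C "$dst" -xpf -
        rc=$?
    else
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Constructed demo tree: lib/ built under umask 0077 (the case reported in
# the thread) and etc/ under umask 0000 (too permissive).
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/dst"
    (umask 0077; mkdir -p "$work/src/lib"; echo x > "$work/src/lib/libdemo.so")
    (umask 0000; mkdir "$work/src/etc"; echo y > "$work/src/etc/demo.conf")
    staged_install "$work/src" "$work/dst" || { rm -rf "$work"; return 1; }
    echo "$(mode_of "$work/src/lib") $(mode_of "$work/dst/lib")" \
         "$(mode_of "$work/dst/lib/libdemo.so")" \
         "$(mode_of "$work/dst/etc/demo.conf")"
    rm -rf "$work"
}

demo
```

The four modes printed are the untouched source lib/, the installed lib/, the installed library file and the installed config file.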