Extending fcopy
Janning Vygen
vygen at planwerk6.de
Mon Dec 11 12:17:24 CET 2006
On Sunday, 10 December 2006 19:25, Michael Tautschnig wrote:
> > On Friday, 8 December 2006 16:48, you wrote:
> > > > > > - some -k/--keep option (which I'd rather call --keep-permissions
> > > > > > :-)
> > >
> > > [...]
> > > If a file permission gets borked it will never be fixed by a
> > > softupdate.
> >
> > you don't need to use the -k (keep-permissions) option, so softupdate can
> > fix it. But why should it be broken anyway?
>
> Never trust your system. Never.
You are right, but that doesn't mean to use FAI to make it more trustworthy.
If something/someone changes permissions on your system it should be detected
by something like an IDS and not corrected silently by FAI softupdate.
> > > In the case that it's not root:root 644 it has in most cases a special
> > > reason. If the file is missing there is nothing to preserve, what to use
> > > then?
> >
> > then use -M, -m or source file permissions as it is right now.
>
> I'd say the patch should add 2 warnings:
> - One to be displayed in case there is a destination file
> - Another one in the man page: WARNING: -k might introduce a security hole
> in case the permissions of the destination file have been altered
> unexpectedly.
good idea. Warnings are always useful.
> Then, well, it's up to the FAI-user to use -k or not.
exactly.
> Return codes and fcopy to me is a somewhat strange thing. The current
> default behaviour is that preserving a file is treated as an error and a
> non-zero exit status is returned.
>
> In my opinion fcopy should only return something other than 0 if an error
> occurred. And preserving a file is not an error IMHO.
>
> As such I'd go for the following: Return 0 unless anything inside fcopy
> (which includes preinst/postinst) went wrong. To find out, whether files
> have been altered or not (which includes changing permissions), I'd prefer
> an output like the following (more or less proper perl, but I guess you get
> the idea):
>
> if( $changed )
> {
>     print "fcopy is updating $file:\n";
>     print "\t Copied $src to $dest\n" if( $copied );
>     print "\t Permissions set to $perm\n" if( $perm_changed );
> }
I would rather stick to the output fcopy uses today. I don't think that we
need to distinguish between content and permission change. A script could
always analyze the situation further if it needs more information.
> Then, one could do the following:
>
> fcopy ... /etc/postgresql | grep -q "fcopy is updating" &&
> /etc/init.d/postgresql restart
Yes, I guess you are right. I just started to do some tests with fcopy
returning "useful" exit codes but it is rather strange. Just printing out
what has changed is a rather small patch.
kind regards,
Janning
> Best,
> Michael
--
PLANWERK 6 websolutions
Venloer Straße 8, 40477 Düsseldorf
Tel: (0211) 302666-0
Fax: (0211) 302666-10
http://www.planwerk6.de/
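
The permission-drift concern raised in this thread, as an added example that is not part of the original message and not fcopy code: a check a wrapper script could run before using the proposed -k option, so that unexpected destination permissions are reported rather than silently preserved. The function name, its return codes and the caller-supplied baseline (mode and owner) are assumptions made for illustration; GNU stat is required.

```shell
#!/bin/sh
# Added example: drift check to run before preserving destination permissions.
# Baseline values are supplied by the caller (e.g. from a manifest); the
# function name and return codes are hypothetical, not part of fcopy.
# Requires GNU stat (coreutils), as found on Debian.

# check_dest_perms DEST EXPECTED_MODE EXPECTED_OWNER
#   returns 0: destination matches the baseline, keeping its permissions is fine
#           1: destination deviates from the baseline, do not keep silently
#           2: destination missing, nothing to preserve
check_dest_perms() {
    dest=$1 want_mode=$2 want_owner=$3

    if [ ! -e "$dest" ]; then
        echo "NOTE: $dest missing, nothing to preserve" >&2
        return 2
    fi

    # -L follows symlinks, matching the -e test above.
    have_mode=$(stat -L -c '%a' -- "$dest") || return 1
    have_owner=$(stat -L -c '%U:%G' -- "$dest") || return 1
    rc=0

    if [ "$have_mode" != "$want_mode" ]; then
        echo "WARNING: $dest mode is $have_mode, baseline is $want_mode" >&2
        rc=1
    fi
    if [ "$have_owner" != "$want_owner" ]; then
        echo "WARNING: $dest owner is $have_owner, baseline is $want_owner" >&2
        rc=1
    fi
    # World-writable or setuid/setgid bits that the baseline does not have
    # are called out explicitly (octal 06002 = setuid | setgid | o+w).
    extra=$(( (0$have_mode & ~0$want_mode) & 06002 ))
    if [ "$extra" -ne 0 ]; then
        printf 'WARNING: %s gained risky bits %o\n' "$dest" "$extra" >&2
        rc=1
    fi
    return $rc
}
```

A return value of 2 corresponds to the missing-file case discussed above, where the caller falls back to -M, -m or the source file permissions.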