Source code file content

Revision: 2971

15771544 pkgrepo should have a way of removing an entire publisher (fix test)
pkg-gate / doc / directory_perms.txt

Size: 2530 bytes, 1 line
Getting directory permissions correct and consistent 
between packages is a common problem in distributions;
it's often made worse by sets of packages that attempt
to be installable across multiple versions of the OS.

This is a resolvable problem in the small, but getting
all packages consistent everywhere is clearly untenable,
esp. if directory permissions change over time.

Several ways of dealing w/ this problem suggest themselves:

0) continue as we have been

   Pro - easy to do 
   Con - annoying verification errors, inconsistent
         results depending on order of package installation.

1) Fail package installation if new package has different
   permissions than existing (already installed) directories.

   Pro - easy, solves consistency problem
   Con - pushes problem onto user of package, since
         problem is caught at install time.  Makes changes
         very hard.

2) Define a directory permission in just one package, 
   and make all packages that install into that directory
   depend on that package.

   Pro - easy to understand.
   Con - difficult to manage, leads to a lot of packages
         if granularity of directory installations is fine.
         ISV implementation more difficult.

Another approach that we're considering is the following:

*) Use a directory of template files (identified by pkg name)
   that define default directory permissions, uid & gid.

   In this file, both explicit specifications and matching
   rules are permitted.

   For example:

   /etc/dirperms.d/SUNWcs might contain:

   /*          user=root group=bin  mode=755
   /usr        user=root group=sys  mode=755
   /var        user=root group=sys  mode=755
   /var/pkg/*  user=root group=root mode=755

   Explicit matches are always favored, and the
   longest possible match is preferred as well.

   We anticipate that few packages will actually deliver such
   files; the default one in SUNWcs should do for most.  Conflicting
   permissions in templates cause error messages.

*) The default directory permissions would be applied to:

   * directories w/o explicit permissions
   * directories where package manifests explicitly 
     conflict in directory permissions

We anticipate that this mechanism should greatly reduce the 
difficulty of getting directory permissions correct, as most
packages can simply not specify them.

One possible problem is that different packages could deliver
conflicting template specifications.  In this case, the
effect is undefined, and pkg verify will complain about
this situation.
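
The matching rules described above (explicit entries first, then the longest
matching rule, with an error on conflicting templates), as an added sketch that
is not part of the original document or of pkg(5). The names parse_template and
resolve, the ISVpkg template and the glob semantics are assumptions.

```python
import fnmatch

# Constructed input: the SUNWcs template from the example above.
SUNWCS = """\
/*          user=root group=bin  mode=755
/usr        user=root group=sys  mode=755
/var        user=root group=sys  mode=755
/var/pkg/*  user=root group=root mode=755
"""

def parse_template(text):
    """Parse template text into a list of (pattern, perms-dict) rules."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        rules.append((fields[0], dict(f.split("=", 1) for f in fields[1:])))
    return rules

def is_glob(pattern):
    return any(c in pattern for c in "*?[")

def resolve(path, templates):
    """Return default perms for path from {pkg_name: template_text}.

    Assumptions (not specified by the document): '*' also matches '/',
    "longest match" means the longest pattern string, and equally specific
    rules that disagree are reported by raising ValueError.
    """
    explicit, matching = [], []
    for pkg, text in sorted(templates.items()):
        for pattern, perms in parse_template(text):
            if pattern == path:
                explicit.append((pattern, perms, pkg))
            elif is_glob(pattern) and fnmatch.fnmatchcase(path, pattern):
                matching.append((pattern, perms, pkg))
    candidates = explicit or matching      # explicit rules always win
    if not candidates:
        return None
    longest = max(len(pattern) for pattern, _, _ in candidates)
    best = [c for c in candidates if len(c[0]) == longest]
    if any(perms != best[0][1] for _, perms, _ in best):
        pkgs = ", ".join(sorted({pkg for _, _, pkg in best}))
        raise ValueError(f"conflicting templates for {path}: {pkgs}")
    return best[0][1]
```

With only the SUNWcs template, /usr resolves through its explicit entry, /usr/lib
falls back to /*, and /var/pkg/cache picks /var/pkg/* over the shorter /*.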
