[Rpm-maint] [rpm-software-management/rpm] RFE: allow clamping username and permissions for source RPMs (Issue #2604)
Zbigniew Jędrzejewski-Szmek
notifications at github.com
Thu Sep 14 16:10:37 UTC 2023
> it would be useful to clamp the ownership of the files to root:root--though this will necessitate ensuring that the applications which work with RPM input/output respect this clamping and change the permissions if a user extracts or installs it. (Namely, we don't want a user to install an RPM with files they cannot touch or see)
Actually this is not an issue. A user cannot create files they cannot touch or see: if we do the proposed change, if running as root, the file is created owned by root, but anyway, for root the ownership and permission mask are ignored. If running as a user, they cannot create any files not owned by them.
So please just store the files as `uid=0`, `gid=0`, `mask=-rwxrwxraw` or `drwxrwxrwx`. This way, the right thing will happen, i.e. file will always be owned by the user and the permission mask will be determined by the user's umask.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2604#issuecomment-1719746732
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/2604/1719746732 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20230914/ddb80f34/attachment.html>
More information about the Rpm-maint
mailing list