On 09/05/13 12:43, Frank Ch. Eigler wrote:
> ...
>> Also we already have /var/tmp/pmlogger ...
>
> (Could these programs not log to some $HOME/.pcp directory? Why
> should they be system-wide?)
The pmlogger ones really have to be system-wide ... the whole (distributed)
pmlc-pmcd_PMDA-pmlogger control infrastructure depends on pmcd.pmlogger.*
metrics being available and reflecting the state of all pmloggers running on
the local host.
>> [...]
>> Some DB APIs have (at least in the past) relied on some db-group
>> permissions, so we may not have the freedom to mandate running as gid pcp.
>
> (Please keep in mind *supplementary* group memberships, not gid pcp.)
Fair point. But I would be surprised if setgroups() is going to work on all the
platforms we're aiming for ... a solution using just one group for a process
would probably be preferable if we can devise one.
>> ...
>> 1. some packaging systems enforce permissions and uid/gid rules that are
>> not consistent with our needs ... so we need to gather all these up and
>> replicate the patch up logic in _all_ the package post-install scripts.
>
> Can you give an example?
Here is a fragment of the Debian policy enforcer ...

    dh_fixperms makes all files in usr/share/doc in the package build
    directory (excluding files in the examples/ directory) be mode 644. It
    also changes the permissions of all man pages to mode 644. It makes all
    files be owned by root, and it removes group and other write permission
    from all files. It removes execute permissions from any libraries,
    headers, Perl modules, or desktop files that have it set. It makes all
    files in the standard bin and sbin directories, usr/games/ and
    etc/init.d executable (since v4). Finally, it removes the setuid and
    setgid bits from all files in the package.

And I think some of what we have today may even go back to the Irix packaging
infrastructure.
>> 2. some packaging systems don't honour changes in permissions and
>> uid/gid from the package when these are different to permissions and
>> uid/gid settings of an already installed file or directory.
>
> Can you give an example?
Again from Debian (actually Ubuntu) I have seen behaviour that suggests this to
be so (although I cannot prove it).
I forced some mode 1777 directories into the tarball in the .deb package,
installed the package and the modes of the directories were unchanged (although
this will also have run the pre-install and post-install scripts, and our rc
scripts before I checked the permissions on the directories).
>> 3. some of our directories are created on the fly and not included in
>> the packages ... this is almost certainly wrong.
>
> Right, among other things it complicates clean uninstallation.
Nod.
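
Added example (not part of the original message and not PCP's packaging code): for points 1 and 2 above, a post-install step can enforce directory modes itself rather than relying on the package manager to apply them to directories that already exist. The manifest format and the function names are assumptions made for this example; it uses GNU stat, so it assumes Linux.

```shell
#!/bin/sh
# Added example. Manifest format (an assumption): one "octal-mode path" pair
# per line, mode written without a leading zero (755, 1777); lines starting
# with '#' are comments.

# Print the octal mode of a path as GNU stat reports it (e.g. 755, 1777).
current_mode() {
    stat -c '%a' "$1"
}

# enforce_modes MANIFEST
# For each listed directory: create it if missing, then chmod only when the
# on-disk mode differs from the manifest. Prints one line per action taken.
# Returns 0 if every entry ends up at its expected mode, 1 otherwise.
enforce_modes() {
    manifest=$1
    rc=0
    while read -r want path; do
        case $want in ''|'#'*) continue ;; esac
        # chmod follows symlinks, so a link placed in a world-writable parent
        # would redirect the change to another path. Refuse and report it.
        if [ -L "$path" ]; then
            echo "SKIP $path is a symlink"
            rc=1
            continue
        fi
        if [ ! -d "$path" ]; then
            mkdir -p "$path" || { rc=1; continue; }
            echo "CREATED $path"
        fi
        have=$(current_mode "$path")
        if [ "$have" != "$want" ]; then
            chmod "$want" "$path" || { rc=1; continue; }
            echo "FIXED $path $have -> $want"
        fi
    done < "$manifest"
    return "$rc"
}
```

Running it a second time over the same manifest prints nothing, which makes it usable both as the fix-up step and as a check that the installed modes match what the package intended.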