Bug 193700

Summary: www/otrs may set permission during install
Product: Ports & Packages Reporter: knezour
Component: Individual Port(s)Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Open ---    
Severity: Affects Only Me CC: 0mp, cs, m.tsatsenko, w.schwarzenfeld
Priority: --- Keywords: needs-patch, needs-qa
Version: LatestFlags: vlad-fbsd: maintainer-feedback+
Hardware: Any   
OS: Any   
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193699

Description knezour 2014-09-17 00:11:31 UTC 
The www/otrs ports ships script, which sets permissions on installed files required for proper run and instructs (see files/pkg-message.in) user how to run it. This is required upstream because of uncertainity about paths, users and groups on target platforms (specially web server may run as www, apache, www-data etc.), but if installed from ports, all mentioned informations are known and already set in the ports Makefile, so permissions on the files may be set during the install targed. However I don't know, if such change may have some implications for installation from packages.
Comment 1 Bugzilla Automation freebsd_committer freebsd_triage 2014-09-17 00:11:31 UTC 
Maintainer CC'd
Comment 2 Carlo Strub freebsd_committer freebsd_triage 2014-09-21 22:21:18 UTC 
The trouble with this script is that it may be very individual on how people install OTRS. Some have other group names than others. If we let this script run automatically, it will change the permissions any time a user updates the port. That makes no sense and is a security risk.
Comment 3 m.tsatsenko 2014-09-23 20:35:33 UTC 
At first pkg-messages respects USERS and GROUPS so there is no problem with groups, etc.

The actual problem is STAGEDIR support. Prior to conversion to STAGEDIR SetPermissions script was been triggered during post-install target. But! STAGEDIR environment misses USERS and GROUPS thus chown call fails with no such user/group error.
Comment 4 m.tsatsenko 2014-09-23 20:36:41 UTC 
Once STAGEDIR will respect USERS and GROUPS I will be happy to set permissions from Makefile
Comment 5 VK freebsd_triage 2016-06-05 01:20:04 UTC 
Hello guys. Is this bug report still relevant? A fix still applicable?

Setting maintainer-feedback+, it was given in time, just never flagged as such.
Comment 6 m.tsatsenko 2016-06-15 09:46:19 UTC 
Hello
Well, that depends.
Yes I still have to ask end-user to run SetPermissions script manually after install.
Not sure if pkg does not respect users/group under the stage environment at the moment. I will check it out next days.
Comment 7 m.tsatsenko 2016-06-27 21:11:34 UTC 
I have checked out the things and still setpermissions.pl script invoked from post-install target fails due to missing otrs user in the stage environment. And there is very little I can do with it.
I think fixing this requires some changes in the ports infrastructure so I suggest assign this PR to portmgr.
Comment 8 Walter Schwarzenfeld freebsd_triage 2018-01-16 09:39:50 UTC 
Any new here?
Comment 9 m.tsatsenko 2018-01-23 15:15:19 UTC 
Hello,
I will check if ports Mk respects USERS during build/stage. If still not there is nothing I can do with it
Comment 10 Mateusz Piotrowski freebsd_committer freebsd_triage 2020-11-03 16:00:08 UTC 
(In reply to m.tsatsenko from comment #9)
It does not because the whole build process must be able to finish as a non-root user.

What could be done is running the script with some defaults when the package is installed (via @postexec for example; see https://www.freebsd.org/doc/en/books/porters-handbook/book.html#plist-keywords-base-exec) and informing the user about a way to change the defaults if desired (basically setting the permissions once again).
Comment 11 Mateusz Piotrowski freebsd_committer freebsd_triage 2021-01-20 12:47:12 UTC 
Return the issue back to the pool