Debian Bug report logs - #600051
stupid permissions on /etc/couchdb/ leading to desktopcouch not working


Package: couchdb; Maintainer for couchdb is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Source for couchdb is src:couchdb.

Reported by: Raphaël Hertzog <hertzog@debian.org>

Date: Wed, 13 Oct 2010 07:18:01 UTC

Severity: serious

Found in version couchdb/0.11.0-2.1

Fixed in version couchdb/0.11.0-2.2

Done: Serafeim Zanikolas <sez@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, desktopcouch@packages.debian.org, Erlang Packaging Team <pkg-erlang-devel@lists.alioth.debian.org>:
Bug#600051; Package couchdb. (Wed, 13 Oct 2010 07:18:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphaël Hertzog <hertzog@debian.org>:
New Bug report received and forwarded. Copy sent to desktopcouch@packages.debian.org, Erlang Packaging Team <pkg-erlang-devel@lists.alioth.debian.org>. (Wed, 13 Oct 2010 07:18:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Raphaël Hertzog <hertzog@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: stupid permissions on /etc/couchdb/ leading to desktopcouch not working
Date: Wed, 13 Oct 2010 09:15:46 +0200
Package: couchdb
Version: 0.11.0-2.1
Severity: serious

The chmod -R 0770 /etc/couchdb is just plain wrong in the postinst.

The only file that needs to be read protected is local.ini because it
might contain a password.

The other files should be 664. Directories should be 775.

Please drop this chmod call in the postinst and provide correct
dependencies in the package itself. You are resetting any permission that
the admin might have set on any file...

(Or at least change the permission only on the initial installation.)

Furthermore, those needlessly restrictive permissions break desktopcouch.

Cheers,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages couchdb depends on:
ii  adduser                    3.112+nmu1    add and remove users and groups
ii  erlang-base [erlang-abi-13 1:14.a-dfsg-2 Erlang/OTP virtual machine and bas
ii  erlang-crypto              1:14.a-dfsg-2 Erlang/OTP cryprographic modules
ii  erlang-inets               1:14.a-dfsg-2 Erlang/OTP Internet clients and se
ii  erlang-ssl                 1:14.a-dfsg-2 Erlang/OTP implementation of SSL
ii  erlang-tools               1:14.a-dfsg-2 Erlang/OTP various tools
ii  erlang-xmerl               1:14.a-dfsg-2 Erlang/OTP XML tools
ii  libc6                      2.11.2-6      Embedded GNU C Library: Shared lib
ii  libcurl3                   7.21.1-1      Multi-protocol file transfer libra
ii  libicu44                   4.4.1-6       International Components for Unico
ii  libjs-jquery               1.4.2-2       JavaScript library for dynamic web
ii  libmozjs2d                 1.9.1.13-1    The Mozilla SpiderMonkey JavaScrip
ii  lsb-base                   3.2-26        Linux Standard Base 3.2 init scrip
ii  mawk                       1.3.3-15      a pattern scanning and text proces
ii  procps                     1:3.2.8-9     /proc file system utilities

couchdb recommends no packages.

couchdb suggests no packages.

-- Configuration Files:
/etc/couchdb/local.ini [Errno 13] Permission non accordée: u'/etc/couchdb/local.ini'

-- no debconf information
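
The fallback the report asks for (change permissions only on the initial installation), as an added example that is not code from the couchdb package. dpkg passes the previously configured version as the second argument to `postinst configure`, and that argument is empty on a fresh install. The function names `set_initial_modes` and `mode_of` and the scratch-directory parameter are assumptions made so the example can run outside a package.

```shell
#!/bin/sh
# Added example, not the couchdb postinst. All names here are hypothetical.
# set_initial_modes ROOT ACTION OLD_VERSION
#   ROOT         tree standing in for /etc/couchdb (a scratch directory here)
#   ACTION       first maintainer-script argument ($1), e.g. "configure"
#   OLD_VERSION  second argument ($2); empty on a fresh installation
set_initial_modes() {
    root=$1
    action=$2
    old_version=$3

    # Act only on "configure", and only when nothing was configured before,
    # so modes chosen by the admin survive upgrades and reconfiguration.
    [ "$action" = "configure" ] || return 0
    [ -z "$old_version" ] || return 0

    # Modes named in the report: directories 775, other files 664 ...
    find "$root" -type d -exec chmod 775 {} +
    find "$root" -type f -exec chmod 664 {} +
    # ... except local.ini, which might contain a password.
    if [ -f "$root/local.ini" ]; then
        chmod 660 "$root/local.ini"
    fi
}

# Print the octal mode of a path (GNU stat).
mode_of() {
    stat -c '%a' "$1"
}

# Constructed demonstration on a throwaway tree.
demo() {
    d=$(mktemp -d)
    mkdir "$d/default.d"
    : > "$d/default.ini"
    : > "$d/local.ini"
    chmod -R 0770 "$d"                        # what the old postinst left behind
    set_initial_modes "$d" configure ""       # fresh install: modes are set
    echo "install: default.ini=$(mode_of "$d/default.ini") local.ini=$(mode_of "$d/local.ini")"
    chmod 600 "$d/default.ini"                # admin tightens one file
    set_initial_modes "$d" configure "0.11.0-2.1"   # upgrade: left alone
    echo "upgrade: default.ini=$(mode_of "$d/default.ini")"
    rm -rf "$d"
}

demo
```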




Information forwarded to debian-bugs-dist@lists.debian.org, Erlang Packaging Team <pkg-erlang-devel@lists.alioth.debian.org>:
Bug#600051; Package couchdb. (Wed, 13 Oct 2010 07:36:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Erlang Packaging Team <pkg-erlang-devel@lists.alioth.debian.org>. (Wed, 13 Oct 2010 07:36:07 GMT) Full text and rfc822 format available.

Message #10 received at 600051@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: 600051@bugs.debian.org
Subject: Re: Bug#600051: stupid permissions on /etc/couchdb/ leading to desktopcouch not working
Date: Wed, 13 Oct 2010 09:33:29 +0200

On Wed, 13 Oct 2010, Raphaël Hertzog wrote:
> Please drop this chmod call in the postinst and provide correct
> dependencies in the package itself. You are resetting any permission that
  ^^^^^^^^^^^^
I meant permissions of course.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer ◈ [Flattr=20693]

Follow my Debian News ▶ http://RaphaelHertzog.com (English)
                      ▶ http://RaphaelHertzog.fr (Français)




Information forwarded to debian-bugs-dist@lists.debian.org, Erlang Packaging Team <pkg-erlang-devel@lists.alioth.debian.org>:
Bug#600051; Package couchdb. (Sat, 30 Oct 2010 14:39:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Serafeim Zanikolas <sez@debian.org>:
Extra info received and forwarded to list. Copy sent to Erlang Packaging Team <pkg-erlang-devel@lists.alioth.debian.org>. (Sat, 30 Oct 2010 14:39:06 GMT) Full text and rfc822 format available.

Message #15 received at 600051@bugs.debian.org (full text, mbox):

From: Serafeim Zanikolas <sez@debian.org>
To: 600051@bugs.debian.org
Subject: intent to NMU
Date: Sat, 30 Oct 2010 16:24:54 +0200

Dear maintainer,

I'll upload a NMU with a fix for #600061 in delayed/2. Please feel free to
override it.

Cheers,
Serafeim


debdiff output:

[The following lists of changes regard files as different if they have
different names, permissions or owners.]

Files in second .deb but not in first
-------------------------------------
-rw-rw----  root/root   /etc/couchdb/local.ini

Files in first .deb but not in second
-------------------------------------
-rw-r--r--  root/root   /etc/couchdb/local.ini

Control files: lines which differ (wdiff format)
------------------------------------------------
Installed-Size: [-2264-] {+2268+}
Version: [-0.11.0-2.1-] {+0.11.0-2.2+}



diff -Nurp couchdb-0.11.0.orig//debian/changelog couchdb-0.11.0/debian/changelog
--- couchdb-0.11.0.orig//debian/changelog	2010-10-30 16:06:12.000000000 +0200
+++ couchdb-0.11.0/debian/changelog	2010-10-30 16:08:21.000000000 +0200
@@ -1,3 +1,11 @@
+couchdb (0.11.0-2.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Apply permission settings during package build (as opposed to during
+    package installation) (Closes: #600051). Setting high urgency for RC bug.
+
+ -- Serafeim Zanikolas <sez@debian.org>  Sat, 30 Oct 2010 13:03:20 +0200
+
 couchdb (0.11.0-2.1) unstable; urgency=high
 
   * Non-maintainer upload by the Security Team.
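Review bot: the 0.11.0-2.2 entry records only that permission settings moved to build time and omits that the three `chmod -R 0770` calls on /etc/couchdb, /var/lib/couchdb and /var/log/couchdb are dropped from debian/postinst, which is the behaviour change an admin upgrading from 0.11.0-2.1 will notice. Suggest a separate bullet naming debian/postinst and the removed calls, and another naming the new 660 mode on local.ini set in debian/rules.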
diff -Nurp couchdb-0.11.0.orig//debian/postinst couchdb-0.11.0/debian/postinst
--- couchdb-0.11.0.orig//debian/postinst	2010-10-30 16:06:12.000000000 +0200
+++ couchdb-0.11.0/debian/postinst	2010-10-30 16:06:36.000000000 +0200
@@ -24,9 +24,6 @@ case $1 in
         chown -R couchdb:couchdb /etc/couchdb
         chown -R couchdb:couchdb /var/lib/couchdb
         chown -R couchdb:couchdb /var/log/couchdb
-        chmod -R 0770 /etc/couchdb
-        chmod -R 0770 /var/lib/couchdb
-        chmod -R 0770 /var/log/couchdb
         ;;
 esac
 
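Review bot: the three `chown -R couchdb:couchdb` lines kept as context at the top of this hunk still run in the same `case $1` branch, so the objection from the report (the script resets what the admin has set) still applies to ownership even though the modes are no longer touched. Consider guarding them so they run only on initial installation, or limiting them to the paths that have to be owned by couchdb.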
diff -Nurp couchdb-0.11.0.orig//debian/rules couchdb-0.11.0/debian/rules
--- couchdb-0.11.0.orig//debian/rules	2010-10-30 16:06:12.000000000 +0200
+++ couchdb-0.11.0/debian/rules	2010-10-30 16:07:23.000000000 +0200
@@ -35,6 +35,8 @@ common-binary-post-install-arch::
 	cp debian/binary.lintian-overrides debian/couchdb/usr/share/lintian/overrides/couchdb
 
 common-binary-predeb-arch::
+	dh_fixperms debian/couchdb/
+	chmod 660 debian/couchdb/etc/couchdb/local.ini
 	erlang-depends
 
 # @@ only works from source directory, see #494141
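Review bot: only `etc/couchdb/local.ini` gets an explicit mode after `dh_fixperms` here, while the postinst hunk of this same patch removes the 0770 on /var/lib/couchdb and /var/log/couchdb, so the database and log directories end up with whatever `dh_fixperms` assigns and are less restricted than before. Add explicit `chmod` lines for `debian/couchdb/var/lib/couchdb` and `debian/couchdb/var/log/couchdb`, with a comment that they must stay after `dh_fixperms`, which would otherwise reset them.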




Added tag(s) pending. Request was from Serafeim Zanikolas <sez@debian.org> to control@bugs.debian.org. (Sat, 30 Oct 2010 14:51:09 GMT) Full text and rfc822 format available.

Reply sent to Serafeim Zanikolas <sez@debian.org>:
You have taken responsibility. (Mon, 01 Nov 2010 15:03:08 GMT) Full text and rfc822 format available.

Notification sent to Raphaël Hertzog <hertzog@debian.org>:
Bug acknowledged by developer. (Mon, 01 Nov 2010 15:03:08 GMT) Full text and rfc822 format available.

Message #22 received at 600051-close@bugs.debian.org (full text, mbox):

From: Serafeim Zanikolas <sez@debian.org>
To: 600051-close@bugs.debian.org
Subject: Bug#600051: fixed in couchdb 0.11.0-2.2
Date: Mon, 01 Nov 2010 15:02:20 +0000
Source: couchdb
Source-Version: 0.11.0-2.2

We believe that the bug you reported is fixed in the latest version of
couchdb, which is due to be installed in the Debian FTP archive:

couchdb_0.11.0-2.2.diff.gz
  to main/c/couchdb/couchdb_0.11.0-2.2.diff.gz
couchdb_0.11.0-2.2.dsc
  to main/c/couchdb/couchdb_0.11.0-2.2.dsc
couchdb_0.11.0-2.2_i386.deb
  to main/c/couchdb/couchdb_0.11.0-2.2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 600051@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Serafeim Zanikolas <sez@debian.org> (supplier of updated couchdb package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 30 Oct 2010 13:03:20 +0200
Source: couchdb
Binary: couchdb
Architecture: source i386
Version: 0.11.0-2.2
Distribution: unstable
Urgency: high
Maintainer: Erlang Packaging Team <pkg-erlang-devel@lists.alioth.debian.org>
Changed-By: Serafeim Zanikolas <sez@debian.org>
Description: 
 couchdb    - RESTful document oriented database
Closes: 600051
Changes: 
 couchdb (0.11.0-2.2) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Apply permission settings during package build (as opposed to during
     package installation) (Closes: #600051). Setting high urgency for RC bug.





Information forwarded to debian-bugs-dist@lists.debian.org, Erlang Packaging Team <pkg-erlang-devel@lists.alioth.debian.org>:
Bug#600051; Package couchdb. (Tue, 02 Nov 2010 22:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Serafeim Zanikolas <sez@debian.org>:
Extra info received and forwarded to list. Copy sent to Erlang Packaging Team <pkg-erlang-devel@lists.alioth.debian.org>. (Tue, 02 Nov 2010 22:36:03 GMT) Full text and rfc822 format available.

Message #27 received at 600051@bugs.debian.org (full text, mbox):

From: Serafeim Zanikolas <sez@debian.org>
To: 600051@bugs.debian.org
Subject: slightly revised NMU in delayed/2
Date: Tue, 2 Nov 2010 23:33:49 +0100

diff -Nurp couchdb-0.11.0.orig//debian/changelog couchdb-0.11.0/debian/changelog
--- couchdb-0.11.0.orig//debian/changelog	2010-11-01 22:11:58.000000000 +0100
+++ couchdb-0.11.0/debian/changelog	2010-11-01 22:11:00.000000000 +0100
@@ -1,3 +1,19 @@
+couchdb (0.11.0-2.3) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * debian/rules: make sure /var/{lib,log}/couchdb have permission set to 750
+    (related to #600051).
+
+ -- Serafeim Zanikolas <sez@debian.org>  Mon, 01 Nov 2010 20:08:08 +0100
+
+couchdb (0.11.0-2.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Apply permission settings during package build (as opposed to during
+    package installation) (Closes: #600051). Setting high urgency for RC bug.
+
+ -- Serafeim Zanikolas <sez@debian.org>  Sat, 30 Oct 2010 13:03:20 +0200
+
 couchdb (0.11.0-2.1) unstable; urgency=high
 
   * Non-maintainer upload by the Security Team.
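Review bot: the hunk header `@@ -1,3 +1,19 @@` re-adds the 0.11.0-2.2 entry along with the new 0.11.0-2.3 one, so this diff is taken against 0.11.0-2.1 rather than against 0.11.0-2.2; a diff against 2.2 would show only what 2.3 changes. The 2.3 entry should also state that 750 replaces the 0770 previously applied by postinst, since that removes group write access on /var/lib/couchdb and /var/log/couchdb.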
diff -Nurp couchdb-0.11.0.orig//debian/postinst couchdb-0.11.0/debian/postinst
--- couchdb-0.11.0.orig//debian/postinst	2010-11-01 22:11:58.000000000 +0100
+++ couchdb-0.11.0/debian/postinst	2010-11-01 19:51:04.000000000 +0100
@@ -24,9 +24,6 @@ case $1 in
         chown -R couchdb:couchdb /etc/couchdb
         chown -R couchdb:couchdb /var/lib/couchdb
         chown -R couchdb:couchdb /var/log/couchdb
-        chmod -R 0770 /etc/couchdb
-        chmod -R 0770 /var/lib/couchdb
-        chmod -R 0770 /var/log/couchdb
         ;;
 esac
 
diff -Nurp couchdb-0.11.0.orig//debian/rules couchdb-0.11.0/debian/rules
--- couchdb-0.11.0.orig//debian/rules	2010-11-01 22:11:58.000000000 +0100
+++ couchdb-0.11.0/debian/rules	2010-11-01 22:07:51.000000000 +0100
@@ -35,6 +35,10 @@ common-binary-post-install-arch::
 	cp debian/binary.lintian-overrides debian/couchdb/usr/share/lintian/overrides/couchdb
 
 common-binary-predeb-arch::
+	dh_fixperms debian/couchdb/
+	chmod 660 debian/couchdb/etc/couchdb/local.ini
+	chmod 750 debian/couchdb/var/lib/couchdb
+	chmod 750 debian/couchdb/var/log/couchdb
 	erlang-depends
 
 # @@ only works from source directory, see #494141
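Review bot: the two `chmod 750` lines are not recursive and act on the build tree, so they set the mode of the shipped directories only; files the daemon later creates under /var/lib/couchdb and /var/log/couchdb get their mode from its umask. The packaged tree is also root-owned (the debdiff in the earlier NMU message lists local.ini as root/root), so 750 and 660 give couchdb access only once the `chown -R couchdb:couchdb` in postinst has run; a comment in debian/rules stating that dependency would help.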




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 02 Dec 2010 07:33:13 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 02:06:56 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.