[Fedora-packaging] file permissions, guidelines, rpmlint

Tue Dec 8 17:26:11 UTC 2009

On 12/08/2009 05:06 PM, John Dennis wrote:
> On 12/08/2009 06:13 AM, Nicolas Mailhot wrote:
>>
>>
>> Le Lun 7 décembre 2009 23:21, John Dennis a écrit :
>>
>>> * Should rpmlint really be emitting warnings and errors for items not in
>>> the guidelines? (not just about file/directory but a number of other
>>> issues which frankly seems dubious). If rpmlint and the guidelines are
>>> divergent then should rpmlint be a recommended tool during package
>>> review?
>>
>> rpmlint is very convenient but
>>
>> 1. has been known to emit stupid warnings in the past (for example,
>> during
>> months it failed *any* spec file with UTF-8 inside, when UTF-8 was a
>> Fedora
>> choice, and while FPC had not asked for any filtering)
>>
>> 2. has refused to include checks for some Fedora packaging guidelines
>> (because
>> they were "distro specific" (ie the maintainer disagreed with FPC;
>> today the
>> same checks are performed by Debian's lintian on .debs, but rpmlint still
>> ignores them)
>>
>> I don't think this can resolved unless the rpmlint maintainer agrees
>> to pay
>> more attention to Fedora packaging guidelines. Right now rpmlint is
>> whatever
>> rpmlint maintainer feels is right. It may align or not with our own
>> packaging
>> guidelines.
>>
>
> O.K. you and few others have answered one of my questions, rpmlint is
> divorced from our guidelines.
>
> But I had another question, specifically about file permissions and if
> there were guidelines. The question is in the context of system
> services. I've looked at the file ownership and permissions under /etc
> and /var/log and there doesn't seem to be a lot of consistency.
>
> My personal viewpoint is that for system services normal users should
> not be able to read configuration files and logs. Files/directories
> should have uid of root (0) and a gid belonging to the special daemon
> user associated with the service (which implicitly includes a special
> daemon group). Permissions should be set up to allow only root and the
> daemon user access to read and write files and search directories for
> that service. Normal users (e.g. users who are neither root nor in the
> daemon special group) should not be given read permission on files nor
> execute permission on directories. In other words the mode 755 is not
> correct for files owned by system services, it should be either 770 or
> 750 depending on the file/directory. Rpmlint is recommending 775 for
> everything as far as I can tell and I think is wrong. Is there a
> consensus on file permissions for "system" packages?
The unspoken rule sofar has been:

Unless a file contains "confident"/"security relevant" information it 
should be set 755. If it contains such infos it should not be set 755.

This avoids user-side~, packager~ confusion and technical problems 
related to files which are required to be system-wide readable.

> Would others agree
> with the basic philosophy I outlined or do you take issue with it?
No, I don't, for the reasons outlined above.

> FWIW
> I've never seen a recommendation written on this topic, it seems to be
> anecdotal, historical and inconsistent rather than prescribed.
It's not that inconsistant as you seem to presume :-=)

Ralf