Opened 7 years ago

Closed 7 years ago

#994 closed defect (fixed)

chroot build method: files owned by user outside /home/

Reported by: kalxas Owned by: live-demo@…
Priority: normal Milestone: OSGeoLive6.0Final
Component: OSGeoLive Keywords: 6.0
Cc: live-demo@…

Description

As stated by Hamish in https://trac.osgeo.org/osgeo/ticket/988#comment:5 we need to fix this permission issue for the live disk

Change history (6)

comment:1 Changed 7 years ago by hamish

Priority: majorblocker
sudo su
find / -uid 1000 | grep -v '/rofs/'

remaining in r8915 is

  • gvSIG; many files
  • geonetwork; many files
  • sahana (web2py); many files
  • mapproxy: one file
  • /debian-binary (!?)
  • /usr/local/share/data (!?)

Hamish

comment:2 Changed 7 years ago by hamish

  • i.e. the install scripts have chown'd to a user ID which no longer exists at run time
  • projects are forbidden from having the user account own files outside of /home
    • it doesn't work with the chroot method. your app is most likely broken by it
    • this can break the iso
    • it is not portable if another user account is added
    • new user added suddenly owns system files
    • it's an ugly hack
  • we need to know from gvSIG (is this from your .deb?), geonetwork, sahana, and mapproxy the minimal set of files/dirs, if any, that need to be writable at run-time.

thanks, Hamish

comment:3 Changed 7 years ago by hamish

apparently gvSIG's deb contained all mis-assigned files. manually chown'd back to root.root with r8938. note /opt/gvSIG_1.11/bin/ is world-writable, as is bin/gvSIG/extensiones/; is that indented??

thanks, Hamish

comment:4 Changed 7 years ago by hamish

most of these have been fixed now, hopefully without too much collateral damage. Sahana's web2py remains incomplete; awaiting guidance, see #992.

Hamish

comment:5 Changed 7 years ago by hamish

Priority: blockernormal

comment:6 Changed 7 years ago by hamish

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.