Problem trying to install files owned as a particular user/group #178

Closed
ephess opened this Issue Mar 21, 2012 · 10 comments

Comments

Projects
None yet
4 participants
@ephess

ephess commented Mar 21, 2012

Hi There,

I've been working with fpm for a few weeks now and overall it's a fantastic tool - I'm looking at moving one of our packages across to using fpm and have run into a issue trying to build packages that have files in them owned by a user other than root.

The packages I'm trying to build are debian packages.

I've had a poke around the source tree and from what I can tell most of the tarballs are created using a command like:

tar --owner=root --group=root -cf data.tar --no-recursion dir1 dir2 dir1/file1 dir1/file2

This seems to be overriding the ownership I've setup locally when getting the package structure ready.

I tried setting the ownership of the files in a --post-install script however this doesn't really seem like the right place to do it (it's quite over complicated to do this on a populated filesystem as well).

Is there a provision for this issue that I'm missing or are you able to give me any direction as to how I could fix it?

Some ideas I had:

  1. Make the --owner= and --group= options configurable
  • This would solve my particular problem but wouldn't help someone who was trying to have files with 2+ different owners in one package.
  1. Add a option to disable the --owner and --group enforcements

Thanks a lot for your time! :)

@jordansissel

This comment has been minimized.

Show comment
Hide comment
@jordansissel

jordansissel Mar 21, 2012

Owner

you're right, there is currently no way to specify ownership of files. It's a bug and on the todo list :)

Owner

jordansissel commented Mar 21, 2012

you're right, there is currently no way to specify ownership of files. It's a bug and on the todo list :)

@ephess

This comment has been minimized.

Show comment
Hide comment
@ephess

ephess Mar 21, 2012

Do you have an idea of how you're wanting to implement this yet?

I'd would probably be interested in making the change and submitting a pull request if you're able to give me an idea of what you want (otherwise I'm going to have to look at monkey patching fpm until you get around to it, which I'd rather not do if possible).

ephess commented Mar 21, 2012

Do you have an idea of how you're wanting to implement this yet?

I'd would probably be interested in making the change and submitting a pull request if you're able to give me an idea of what you want (otherwise I'm going to have to look at monkey patching fpm until you get around to it, which I'd rather not do if possible).

@jordansissel

This comment has been minimized.

Show comment
Hide comment
@jordansissel

jordansissel Mar 21, 2012

Owner

Not totally sure. Some options (any or all can be implemented)

  • Obey the original file permissions (new flag: --use-file-permissions, or some better name?)
  • Allow users to specify an owner (new flags: --owner, --group?) for all files
  • Allow users to specify each specifically through a flag, perhaps with data in a file somewhere? (*)

Any or all of these can be implemented. I'll leave it a bit up to you, what is the easiest for your particular situation?

We could combine the first two options by allowing:

  • --owner or --owner -
  • --group *or --group -

If the 'owner' or 'group' is set to '-' (dash) each file will be owned/grouped by the current owner at the time of packaging. So in your situation, I think you would do: fpm ... --group - --owner - ...

Owner

jordansissel commented Mar 21, 2012

Not totally sure. Some options (any or all can be implemented)

  • Obey the original file permissions (new flag: --use-file-permissions, or some better name?)
  • Allow users to specify an owner (new flags: --owner, --group?) for all files
  • Allow users to specify each specifically through a flag, perhaps with data in a file somewhere? (*)

Any or all of these can be implemented. I'll leave it a bit up to you, what is the easiest for your particular situation?

We could combine the first two options by allowing:

  • --owner or --owner -
  • --group *or --group -

If the 'owner' or 'group' is set to '-' (dash) each file will be owned/grouped by the current owner at the time of packaging. So in your situation, I think you would do: fpm ... --group - --owner - ...

@ephess

This comment has been minimized.

Show comment
Hide comment
@ephess

ephess Mar 23, 2012

I'll have a go at implementing the first two in the combined manner that you suggested - I like that.

The easiest thing for me in my situation would be to pass the ownership through (i.e. fpm --owner user --group group), however I think the '-' functionality you suggested is nice as well.

I will get back to you early next week with a patch if possible.

ephess commented Mar 23, 2012

I'll have a go at implementing the first two in the combined manner that you suggested - I like that.

The easiest thing for me in my situation would be to pass the ownership through (i.e. fpm --owner user --group group), however I think the '-' functionality you suggested is nice as well.

I will get back to you early next week with a patch if possible.

@jordansissel

This comment has been minimized.

Show comment
Hide comment
@jordansissel

jordansissel Mar 23, 2012

Owner

Woo! Let me know if you have trouble with the code, since 0.4.x I've worked extra hard to make the internals well documented and readable; hoping it paid off :)

Owner

jordansissel commented Mar 23, 2012

Woo! Let me know if you have trouble with the code, since 0.4.x I've worked extra hard to make the internals well documented and readable; hoping it paid off :)

@ephess

This comment has been minimized.

Show comment
Hide comment
@ephess

ephess Mar 25, 2012

Code is all looking fine so far, haven't had any trouble understanding anything :) will let you know if I run into anything that is a bit unclear though.

Just a question, have you been making any efforts to ensure that fpm doesn't require root privileges to run or anything like that? A few of the changes I'm looking at making will require root privileges (for preserving ownership on directories) so I'm just wondering how you'd like that to work? I haven't seen anything else in FPM that requires root which is why I'm asking

ephess commented Mar 25, 2012

Code is all looking fine so far, haven't had any trouble understanding anything :) will let you know if I run into anything that is a bit unclear though.

Just a question, have you been making any efforts to ensure that fpm doesn't require root privileges to run or anything like that? A few of the changes I'm looking at making will require root privileges (for preserving ownership on directories) so I'm just wondering how you'd like that to work? I haven't seen anything else in FPM that requires root which is why I'm asking

@jordansissel

This comment has been minimized.

Show comment
Hide comment
@jordansissel

jordansissel Mar 26, 2012

Owner

Yeah, fpm should run as non-root same as root.

For preserving file ownership, we can work around it. Separting file metadata (ownership) from the content of those files.

Long story short, maybe implement this how you feel best, and we can iterate on the code in a way that safely supports rpm/solaris/deb/etc package outputs while also not requiring root permissions.

As an example, in the RPM format, the rpm has a special header that lists all the file owners and groups separate from the files themselves. This makes it easy to set ownership in RPM, but for deb packages, the only way to really specify file owners is to use lame postinstall scripts :(

Owner

jordansissel commented Mar 26, 2012

Yeah, fpm should run as non-root same as root.

For preserving file ownership, we can work around it. Separting file metadata (ownership) from the content of those files.

Long story short, maybe implement this how you feel best, and we can iterate on the code in a way that safely supports rpm/solaris/deb/etc package outputs while also not requiring root permissions.

As an example, in the RPM format, the rpm has a special header that lists all the file owners and groups separate from the files themselves. This makes it easy to set ownership in RPM, but for deb packages, the only way to really specify file owners is to use lame postinstall scripts :(

@jordansissel

This comment has been minimized.

Show comment
Hide comment
@jordansissel

jordansissel Mar 26, 2012

Owner

that is, if you have a prototype, I'd love to see it earlier than later and we can iterate on feedback and improvements. Send a pull request for feedback whenever you want :)

Owner

jordansissel commented Mar 26, 2012

that is, if you have a prototype, I'd love to see it earlier than later and we can iterate on feedback and improvements. Send a pull request for feedback whenever you want :)

@luxflux

This comment has been minimized.

Show comment
Hide comment
@luxflux

luxflux Nov 22, 2012

Any news here? Would be cool to have this :)

luxflux commented Nov 22, 2012

Any news here? Would be cool to have this :)

@r4um

This comment has been minimized.

Show comment
Hide comment
@r4um

r4um Jul 29, 2013

Collaborator

Closing, fixed since 0.4.31.

Collaborator

r4um commented Jul 29, 2013

Closing, fixed since 0.4.31.

@r4um r4um closed this Jul 29, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment