|Summary:||RPM doesn't attempt to change group ownership when not running as root|
|Product:||[Retired] Red Hat Linux||Reporter:||Matthew Braithwaite <matt>|
|Component:||rpm||Assignee:||Jeff Johnson <jbj>|
|Status:||CLOSED DEFERRED||QA Contact:||Mike McLean <mikem>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2003-06-25 17:34:13 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Matthew Braithwaite 2003-04-08 03:59:11 UTC
When rpm is run as not as root, it doesn't attempt to chown(2) any of the files it installs. I suspect that the origin of this behavior is to permit rpm to be run as non-root without noisy chown failures. But I think a better solution is to attempt the chown and fail silently if the chown fails with EPERM. Why: in our environment we make extensive use of RPM deployment by non-root users. We therefore make much use of group memberships as a substitute for the time-honored practice of running everything as root. We quickly learned that one could not specify group ownership in the %files section of an RPM spec file. Instead, one has to do an explicit chgrp in %post, which is confusing to newcomers and hard to audit. Hence my suggestion. If it meets with your approval I'm can supply either of two patches: 1. When non-root, don't attempt change ownership, and attempt change group if and only if group is one of the groups of the user running RPM. 2. When non-root, attept change ownership and change group, but do not complain on failure unless errno is something other than EPERM. (The second approach seems cleaner to me.) Either of these changes allows RPM to continue behaving as it does now, namely, never complaining that it has insufficient permission to alter the owner or group of the files it installs. Please let me know what you think, & thanks for your consideration.
Comment 2 Jeff Johnson 2003-06-25 17:34:13 UTC
Patch looks OK, but ignoring EPERM assumes that rpm has a deep and complete understanding of all cases where EPERM is returned, not true for, say, chattr. I can add the patch if you rework to test a configuration macro, where the default "normal" behavior is to not ignore EPERM.