Remove all use of dpkg-statoverride
statoverride was introduced in 2.0.3-1 (2008-05-03) without any
rationale or additional context.
https://lists.debian.org/debian-mentors/2001/02/msg00174.html makes me
think that dpkg-statoverride should be used by the system administrator
only, whereas packages should actually use chmod/chgrp directly.
Looking through the codesearch results, dpkg-statoverride within
maintscripts is used almost exclusively for suid handling:
https://codesearch.debian.net/search?q=path%3Adebian%2F+statoverride+--add&perpkg=1
Michael Stapelberg
7 years ago
4 | 4 | case "$1" in |
5 | 5 | configure) |
6 | 6 | if [ -z "$2" ]; then |
7 | if ! dpkg-statoverride --list | grep -qw /etc/freeradius$; then | |
8 | dpkg-statoverride --add --update freerad freerad 2751 /etc/freeradius | |
9 | fi | |
10 | ||
11 | if ! dpkg-statoverride --list | grep -qw /etc/freeradius/3.0/radiusd.conf$; then | |
12 | dpkg-statoverride --add --update root freerad 0640 /etc/freeradius/3.0/radiusd.conf | |
13 | fi | |
14 | ||
15 | # Relax permissions on local dictionary - allows radclient to run and should | |
16 | # not contain secrets. At any rate, only do it on fresh install | |
17 | if ! dpkg-statoverride --list | grep -qw /etc/freeradius/3.0/dictionary$; then | |
18 | dpkg-statoverride --add --update root freerad 0644 /etc/freeradius/3.0/dictionary | |
19 | fi | |
20 | ||
21 | 7 | # Create snakeoil certificates on initial install |
22 | 8 | if grep -q -r 'etc/ssl/\(certs\|private\)/ssl-cert-snakeoil' /etc/freeradius; then |
23 | 9 | if test ! -e /etc/ssl/certs/ssl-cert-snakeoil.pem || \ |
47 | 33 | done |
48 | 34 | fi |
49 | 35 | |
50 | if [ -z "$2" ] || dpkg --compare-versions "$2" lt 3.0.11+dfsg-2; then | |
36 | if [ -z "$2" ] || dpkg --compare-versions "$2" lt 3.0.12+dfsg-2; then | |
51 | 37 | for module in always attr_filter cache_eap chap detail detail.log \ |
52 | 38 | digest dynamic_clients eap echo exec expiration expr files \ |
53 | 39 | linelog logintime mschap ntlm_auth pap passwd preprocess \ |
5 | 5 | remove) |
6 | 6 | ;; |
7 | 7 | purge) |
8 | for file in /etc/freeradius/3.0/dictionary \ | |
9 | /etc/freeradius/3.0/radiusd.conf \ | |
10 | /etc/freeradius/3.0 \ | |
11 | /etc/freeradius/dictionary \ | |
12 | /etc/freeradius/radiusd.conf \ | |
13 | /etc/freeradius; do | |
14 | if dpkg-statoverride --list | grep -qw "${file}$"; then | |
15 | dpkg-statoverride --remove "$file" | |
16 | fi | |
17 | done | |
18 | ||
19 | 8 | # Remove dangling links from sites-enabled. |
20 | 9 | for link in /etc/freeradius/sites-enabled/* \ |
21 | 10 | /etc/freeradius/3.0/sites-enabled/*; do |
0 | #! /bin/sh | |
1 | ||
2 | set -e | |
3 | ||
4 | case "$1" in | |
5 | remove) | |
6 | for file in `find /etc/freeradius/3.0/mods-config/sql/main/mysql/ -print` | |
7 | do | |
8 | if dpkg-statoverride --list | grep -qw $file$; then | |
9 | dpkg-statoverride --remove $file | |
10 | fi | |
11 | done | |
12 | ||
13 | for dir in /etc/freeradius/3.0/mods-config/sql \ | |
14 | /etc/freeradius/3.0/mods-config/sql/mysql | |
15 | do | |
16 | if dpkg-statoverride --list | grep -qw $dir$; then | |
17 | dpkg-statoverride --remove $dir | |
18 | fi | |
19 | done | |
20 | ;; | |
21 | esac | |
22 | ||
23 | #DEBHELPER# | |
24 | ||
25 | exit 0 | |
26 |
0 | #! /bin/sh | |
1 | ||
2 | set -e | |
3 | ||
4 | case "$1" in | |
5 | remove) | |
6 | for file in `find /etc/freeradius/3.0/mods-config/sql/main/postgresql/ -print` | |
7 | do | |
8 | if dpkg-statoverride --list | grep -qw $file$; then | |
9 | dpkg-statoverride --remove $file | |
10 | fi | |
11 | done | |
12 | ||
13 | for dir in /etc/freeradius/3.0/mods-config/sql/main \ | |
14 | /etc/freeradius/3.0/mods-config/sql/main/postgresql | |
15 | do | |
16 | if dpkg-statoverride --list | grep -qw $dir$; then | |
17 | dpkg-statoverride --remove $dir | |
18 | fi | |
19 | done | |
20 | ;; | |
21 | esac | |
22 | ||
23 | #DEBHELPER# | |
24 | ||
25 | exit 0 | |
26 | ||
27 |
9 | 9 | # start after services which may be used and stop before them. |
10 | 10 | update-rc.d freeradius start 50 2 3 4 5 . stop 19 0 1 6 . >/dev/null |
11 | 11 | |
12 | # Set up initial permissions on all the freeradius directories | |
13 | ||
14 | if ! dpkg-statoverride --list | grep -q /var/run/freeradius$; then | |
15 | mkdir -p /var/run/freeradius | |
16 | dpkg-statoverride --add --update freerad freerad 0755 /var/run/freeradius | |
17 | fi | |
18 | ||
19 | if ! dpkg-statoverride --list | grep -q /var/log/freeradius$; then | |
20 | mkdir -p /var/log/freeradius | |
21 | dpkg-statoverride --add --update freerad freerad 0750 /var/log/freeradius | |
22 | fi | |
23 | ||
24 | for file in radius.log radwtmp; do | |
25 | [ ! -f "/var/log/freeradius/${file}" ] && install -o freerad -g freerad -m 644 /dev/null /var/log/freeradius/${file} | |
26 | done | |
27 | ||
28 | for file in /etc/freeradius/3.0/mods-config/files/pre-proxy \ | |
29 | /etc/freeradius/3.0/mods-config/files/accounting \ | |
30 | /etc/freeradius/3.0/mods-config/preprocess/huntgroups \ | |
31 | /etc/freeradius/3.0/mods-config/preprocess/hints \ | |
32 | /etc/freeradius/3.0/experimental.conf \ | |
33 | /etc/freeradius/3.0/proxy.conf \ | |
34 | /etc/freeradius/3.0/clients.conf \ | |
35 | /etc/freeradius/mods-config/files/pre-proxy \ | |
36 | /etc/freeradius/mods-config/files/accounting \ | |
37 | /etc/freeradius/mods-config/preprocess/huntgroups \ | |
38 | /etc/freeradius/mods-config/preprocess/hints \ | |
39 | /etc/freeradius/experimental.conf \ | |
40 | /etc/freeradius/proxy.conf \ | |
41 | /etc/freeradius/clients.conf | |
42 | do | |
43 | if ! dpkg-statoverride --list | grep -qw $file$; then | |
44 | dpkg-statoverride --add --update root freerad 0640 $file | |
45 | fi | |
46 | done | |
47 | ||
48 | for dir in /etc/freeradius/3.0/certs \ | |
49 | /etc/freeradius/3.0/sites-available \ | |
50 | /etc/freeradius/3.0/sites-enabled \ | |
51 | /etc/freeradius/3.0/mods-config/attr_filter \ | |
52 | /etc/freeradius/3.0/policy.d \ | |
53 | /etc/freeradius/certs \ | |
54 | /etc/freeradius/sites-available \ | |
55 | /etc/freeradius/sites-enabled \ | |
56 | /etc/freeradius/mods-config/attr_filter \ | |
57 | /etc/freeradius/policy.d | |
58 | do | |
59 | if ! dpkg-statoverride --list | grep -qw $dir$; then | |
60 | dpkg-statoverride --add --update freerad freerad 2751 $dir | |
61 | fi | |
62 | done | |
63 | ||
64 | 12 | action="start" |
65 | 13 | else |
66 | 14 | action="restart" |
15 | fi | |
16 | ||
17 | if [ -z "$2" ] || dpkg --compare-versions "$2" lt 3.0.12+dfsg-2; then | |
18 | # Set up initial permissions on all the freeradius directories | |
19 | chown -R freerad:adm /var/log/freeradius | |
20 | chown -R freerad:freerad /etc/freeradius | |
21 | chmod 2751 /etc/freeradius | |
22 | find /etc/freeradius -type f -exec chmod 640 '{}' \; | |
23 | fi | |
24 | ||
25 | if dpkg --compare-versions "$2" lt 3.0.12+dfsg-2; then | |
26 | # Get rid of any dpkg statoverrides installed by earlier freeradius | |
27 | # packages (as opposed to the system administrator). | |
28 | cat <<'EOT' | grep --invert-match --fixed-strings --file=- /var/lib/dpkg/statoverride > /var/lib/dpkg/statoverride-new | |
29 | root freerad 640 /etc/freeradius/experimental.conf | |
30 | root freerad 640 /etc/freeradius/sql.conf | |
31 | root freerad 640 /etc/freeradius/huntgroups | |
32 | root freerad 640 /etc/freeradius/hints | |
33 | root freerad 640 /etc/freeradius/clients.conf | |
34 | root freerad 640 /etc/freeradius/attrs.pre-proxy | |
35 | freerad freerad 755 /var/run/freeradius | |
36 | root freerad 640 /etc/freeradius/acct_users | |
37 | freerad freerad 2751 /etc/freeradius/sites-enabled | |
38 | root freerad 640 /etc/freeradius/attrs.access_reject | |
39 | freerad freerad 2751 /etc/freeradius/certs | |
40 | root freerad 640 /etc/freeradius/preproxy_users | |
41 | freerad freerad 750 /var/log/freeradius | |
42 | freerad freerad 2751 /etc/freeradius | |
43 | root freerad 640 /etc/freeradius/proxy.conf | |
44 | root freerad 640 /etc/freeradius/attrs | |
45 | root freerad 640 /etc/freeradius/policy.txt | |
46 | root freerad 640 /etc/freeradius/ldap.attrmap | |
47 | root freerad 640 /etc/freeradius/attrs.accounting_response | |
48 | root freerad 640 /etc/freeradius/radiusd.conf | |
49 | freerad freerad 2751 /etc/freeradius/sites-available | |
50 | root freerad 640 /etc/freeradius/attrs.access_challenge | |
51 | root freerad 640 /etc/freeradius/eap.conf | |
52 | root freerad 644 /etc/freeradius/dictionary | |
53 | root freerad 640 /etc/freeradius/policy.conf | |
54 | EOT | |
55 | mv /var/lib/dpkg/statoverride-new /var/lib/dpkg/statoverride | |
67 | 56 | fi |
68 | 57 | |
69 | 58 | # Create links for default sites, but only if this is an initial |
10 | 10 | find -H /etc/freeradius/certs/ -type l -delete |
11 | 11 | rm -f /etc/freeradius/certs/dh |
12 | 12 | fi |
13 | ||
14 | if dpkg --compare-versions "$2" lt "2.1.8"; then | |
15 | for file in \ | |
16 | /etc/freeradius/otp.conf \ | |
17 | /etc/freeradius/snmp.conf | |
18 | do | |
19 | ||
20 | # must get rid of the overrides otherwise they corrupt the database | |
21 | if dpkg-statoverride --list | grep -qw $file$; then | |
22 | dpkg-statoverride --remove $file | |
23 | fi | |
24 | ||
25 | done | |
26 | fi | |
27 | ||
28 | 13 | esac |
29 | 14 | |
30 | 15 | #DEBHELPER# |
9 | 9 | /etc/init.d/freeradius stop |
10 | 10 | fi |
11 | 11 | |
12 | for file in /etc/freeradius/3.0/mods-config/files/pre-proxy \ | |
13 | /etc/freeradius/3.0/mods-config/preprocess/huntgroups \ | |
14 | /etc/freeradius/3.0/mods-config/preprocess/hints \ | |
15 | /etc/freeradius/3.0/mods-config/files/accounting \ | |
16 | /etc/freeradius/3.0/experimental.conf \ | |
17 | /etc/freeradius/3.0/proxy.conf \ | |
18 | /etc/freeradius/3.0/clients.conf \ | |
19 | /etc/freeradius/mods-config/files/pre-proxy \ | |
20 | /etc/freeradius/mods-config/preprocess/huntgroups \ | |
21 | /etc/freeradius/mods-config/preprocess/hints \ | |
22 | /etc/freeradius/mods-config/files/accounting \ | |
23 | /etc/freeradius/experimental.conf \ | |
24 | /etc/freeradius/proxy.conf \ | |
25 | /etc/freeradius/clients.conf; | |
26 | do | |
27 | if dpkg-statoverride --list | grep -qw $file$; then | |
28 | dpkg-statoverride --remove $file | |
29 | fi | |
30 | done | |
31 | ||
32 | for dir in /etc/freeradius/3.0/certs \ | |
33 | /etc/freeradius/3.0/sites-available \ | |
34 | /etc/freeradius/3.0/sites-enabled \ | |
35 | /etc/freeradius/3.0/mods-available \ | |
36 | /etc/freeradius/3.0/mods-enabled \ | |
37 | /etc/freeradius/3.0/mods-config/attr_filter \ | |
38 | /etc/freeradius/3.0/mods-config \ | |
39 | /etc/freeradius/3.0/policy.d \ | |
40 | /etc/freeradius/certs \ | |
41 | /etc/freeradius/sites-available \ | |
42 | /etc/freeradius/sites-enabled \ | |
43 | /etc/freeradius/mods-available \ | |
44 | /etc/freeradius/mods-enabled \ | |
45 | /etc/freeradius/mods-config/attr_filter \ | |
46 | /etc/freeradius/mods-config \ | |
47 | /etc/freeradius/policy.d \ | |
48 | /var/run/freeradius \ | |
49 | /var/log/freeradius; | |
50 | do | |
51 | if dpkg-statoverride --list | grep -qw $dir$; then | |
52 | dpkg-statoverride --remove $dir | |
53 | fi | |
54 | done | |
55 | 12 | ;; |
56 | 13 | esac |
57 | 14 |