From fa229e9d6d037e08ff548b80a9b43ffded8e352a Mon Sep 17 00:00:00 2001
From: Dmitry Bogatov
Date: Thu, 2 Mar 2017 13:23:37 +0300
Subject: Ensure that after package removal logs belong to root.
---
 debian/changelog | 1 +
 postrm-runit | 17 +++++++++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 1bd9759..2e667cb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ dh-runit (2.7) UNRELEASED; urgency=medium
 * Remove 'logdir' option for simplicity sake. Strictly speaking it is backward-incompatible change, hence the version major bump, but I am unaware of any actual users of this option.
+ * Ensure that after package removal logs belong to root.
 -- Dmitry Bogatov Wed, 01 Mar 2017 18:38:17 +0300
diff --git a/postrm-runit b/postrm-runit
index 9a69a53..5ce6acf 100644
--- a/postrm-runit
+++ b/postrm-runit
@@ -4,8 +4,8 @@ if [ "$1" = 'purge' ] ; then
 # If runscript was never invoked, there will be no files
 # in this directory, and `dpkg' will remove it. In this case,
 # we have nothing to do.
- for supervise in "/var/lib/runit/supervise/#NAME#" \
- "/var/lib/runit/log/supervise/#NAME#" ; do
+ for supervise in '/var/lib/runit/supervise/#NAME#' \
+ '/var/lib/runit/log/supervise/#NAME#' ; do
 if [ -d "$supervise" ] ; then
 # Actually only `down' may be absent, but it does not
@@ -27,6 +27,19 @@ if [ "$1" = 'purge' ] ; then
 done
 fi
+# Following code makes sure, that after removal of package, in default
+# setup, the only files belonged to log user, belong to root.
+#
+# This way user can be safely removed, solving part of #848239 (need
+# interoperation from dh-sysuser).
+#
+# Sure, system administrator can make stupid thing and chown some file
+# to log user, but consequences do not seem to be so severe. After
+# all, with great power comes great responsibility.
+if [ -d '/var/log/runit/#NAME#' ] ; then
+ chown --recursive root:root '/var/log/runit/#NAME#'
+fi
+
 # Local Variables:
 # eval: (sh-set-shell "sh" t nil)
 # End:
-- cgit v1.2.3
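Review bot: The added `chown --recursive root:root` block appears to sit after the `fi` that closes the `[ "$1" = 'purge' ]` branch (that `if` opens outside this hunk), so it runs on every postrm action, including `upgrade` and the abort paths, not only on removal as the comment says. On an upgrade that would leave the log directory owned by root while the log service may still expect to write there as the log user, unless the postinst restores ownership, which is not visible here. Gating on the action keeps the behaviour the comment describes: `if { [ "$1" = 'remove' ] || [ "$1" = 'purge' ] ; } && [ -d '/var/log/runit/#NAME#' ] ; then`. Since the tree was writable by the unprivileged log user and this runs as root, it is also worth a one-line comment that GNU chown does not traverse symbolic links under `--recursive` by default, or passing `--no-dereference` to make that explicit.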