From rea-fbsd@codelabs.ru  Mon Apr 27 06:38:17 2009
Return-Path: <rea-fbsd@codelabs.ru>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 385A61065672
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 27 Apr 2009 06:38:17 +0000 (UTC)
	(envelope-from rea-fbsd@codelabs.ru)
Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45])
	by mx1.freebsd.org (Postfix) with ESMTP id D8E038FC13
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 27 Apr 2009 06:38:16 +0000 (UTC)
	(envelope-from rea-fbsd@codelabs.ru)
Received: from shadow.localdomain (cdma-92-36-31-186.msk.skylink.ru [92.36.31.186])
	by 0.mx.codelabs.ru with esmtps (TLSv1:CAMELLIA256-SHA:256)
	id 1LyKTl-00085p-TF for FreeBSD-gnats-submit@freebsd.org; Mon, 27 Apr 2009 10:38:15 +0400
Message-Id: <20090427063800.6D7E31711F@shadow.localdomain>
Date: Mon, 27 Apr 2009 10:38:00 +0400 (MSD)
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Reply-To: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] usr.sbin/mergemaster: preserve mode/ownership for existing files
X-Send-Pr-Version: 3.113
X-GNATS-Notify: dougb@freebsd.org

>Number:         134038
>Category:       bin
>Synopsis:       [patch] mergemaster(8): preserve mode/ownership for existing files
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    dougb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 27 06:40:01 UTC 2009
>Closed-Date:    Tue Dec 29 07:34:35 UTC 2009
>Last-Modified:  Tue Dec 29 07:34:35 UTC 2009
>Originator:     Eygene Ryabinkin
>Release:        FreeBSD 7.2-PRERELEASE amd64
>Organization:
Code Labs
>Environment:

System: FreeBSD 7.2-PRERELEASE amd64

>Description:

Currently mergemaster sets default permissions and ownership for all
merged and installed files.  This could choke the system if the
administrator had set non-default ownership and/or values and some parts
of the system rely on those settings.

>How-To-Repeat:

Take some file, for example /etc/defaults/rc.conf, modify it, set
non-default permissions (!= 444) and ownership (!= root:wheel), run
mergemaster and try to install/merge the file.  Check
permissions/ownership when mergemaster finishes: they will be reset
to defaults.

>Fix:

The following patch will fix the thing.

--- preserve-ownership-mode-for-merged-and-installed-files.diff begins here ---
From 2f23988faaf4d9d789a88df961a0d50241a97275 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Date: Sun, 26 Apr 2009 22:50:22 +0400

It is good to respect administrator's opinion on the ownership and mode
for various system files.  Currently merge and install operations reset
the mode and ownership, but this was fixed by this commit.

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
---
 usr.sbin/mergemaster/mergemaster.sh |   23 +++++++++++++++++++----
 1 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/usr.sbin/mergemaster/mergemaster.sh b/usr.sbin/mergemaster/mergemaster.sh
index e444996..0b74301 100755
--- a/usr.sbin/mergemaster/mergemaster.sh
+++ b/usr.sbin/mergemaster/mergemaster.sh
@@ -768,6 +768,11 @@ install_error () {
   exit 1
 }
 
+# Arguments:
+# - file mode;
+# - source file;
+# - destination directory;
+# - flags for install (can be empty).
 do_install_and_rm () {
   case "${PRESERVE_FILES}" in
   [Yy][Ee][Ss])
@@ -779,7 +784,7 @@ do_install_and_rm () {
   esac
 
   if [ ! -d "${3}/${2##*/}" ]; then
-    if install -m ${1} ${2} ${3}; then
+    if install -m ${1} ${4} ${2} ${3}; then
       unlink ${2}
     else
       install_error ${2} ${3}
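Review bot: `${4}` in the new install line is expanded unquoted, which is what lets the single string `-o uid -g gid` split into four words and lets an empty value vanish, but nothing at that line says so. Add a comment stating that the word splitting is intentional, since quoting it later would hand install one bogus argument (or an empty one). `${2}` and `${3}` on the same line are also unquoted and will break on paths containing whitespace.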
@@ -813,7 +818,15 @@ mm_install () {
     install -d -o root -g wheel -m "${DIR_MODE}" "${DESTDIR}${INSTALL_DIR}"
   fi
 
-  FILE_MODE=`find_mode "${1}"`
+  # Don't reset ownership and permissions for existing files:
+  # administrator may have reasons to set them to non-default
+  # values.
+  if [ -f "${DESTDIR}${COMFILE#.}" ]; then
+    FILE_MODE=`find_mode "${DESTDIR}${COMPFILE#.}"`
+    INSTALL_FLAGS=`stat -f '-o %u -g %g' "${DESTDIR}${COMPFILE#.}"`
+  else
+    FILE_MODE=`find_mode "${1}"`
+  fi
 
   if [ ! -x "${1}" ]; then
     case "${1#.}" in
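Review bot: The `-f` test in the added block reads `${COMFILE#.}` while the two lines under it read `${COMPFILE#.}`. Unless a variable named COMFILE exists elsewhere in the script, the test expands to `[ -f "${DESTDIR}" ]`, so the preserving branch is normally never taken and the change has no effect. Use `${COMPFILE#.}` in the test as well.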
@@ -882,14 +895,16 @@ mm_install () {
 
     case "${DONT_INSTALL}" in
     '')
-      do_install_and_rm "${FILE_MODE}" "${1}" "${DESTDIR}${INSTALL_DIR}"
+      do_install_and_rm "${FILE_MODE}" "${1}" "${DESTDIR}${INSTALL_DIR}" \
+        "${INSTALL_FLAGS}"
       ;;
     *)
       unset DONT_INSTALL
       ;;
     esac
   else	# File matched -x
-    do_install_and_rm "${FILE_MODE}" "${1}" "${DESTDIR}${INSTALL_DIR}"
+    do_install_and_rm "${FILE_MODE}" "${1}" "${DESTDIR}${INSTALL_DIR}" \
+      "${INSTALL_FLAGS}"
   fi
   return $?
 }
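Review bot: `INSTALL_FLAGS` is passed at both call sites, but in the lines shown it is assigned only when the destination already exists; the `else` branch of the earlier hunk sets `FILE_MODE` alone. If mm_install runs for an existing file and then for a new one, the second call can reuse the first file's `-o`/`-g` values and install the new file with the wrong owner. Clear it in the `else` branch (`INSTALL_FLAGS=`) or unset it once the install is done.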
-- 
1.6.2.4
--- preserve-ownership-mode-for-merged-and-installed-files.diff ends here ---
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dougb 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Apr 27 07:19:13 UTC 2009 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=134038 

From: Doug Barton <dougb@FreeBSD.org>
To: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/134038: [patch] usr.sbin/mergemaster: preserve mode/ownership
 for existing files
Date: Tue, 28 Apr 2009 10:52:02 -0700

 My gut feeling (unsupported by scientific observation) has always been
 that the number of users who would set things to non-default
 permissions for a good reason is minuscule compared to the number who
 would do it accidentally.
 
 My suggestion for your situation would be to make use of the
 MM_EXIT_SCRIPT functionality to set non-default permissions on any
 files for which you think that would be appropriate. You could set
 that up in /etc/mergemaster.rc to make sure it is used by anyone who
 is updating. This method also has the advantage of providing you a
 central location to document your deviations and give reasons for them.
 
 Do you think that would work for you?
 
 
 Doug
 
 -- 
 
     This .signature sanitized for your protection
 

From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: bug-followup@freebsd.org
Cc: dougb@freebsd.org
Subject: Re: bin/134038: [patch] usr.sbin/mergemaster: preserve
	mode/ownership for existing files
Date: Wed, 29 Apr 2009 16:09:10 +0400

 Erm, sorry: pushed patch with typo.  Here is the correct one:
 --- preserve-ownership-mode-for-merged-and-installed-files.diff begins here ---
 From d549bbedf6e072a091e18d0c9228e75219996fd5 Mon Sep 17 00:00:00 2001
 From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
 Date: Sun, 26 Apr 2009 22:50:22 +0400
 Subject: [PATCH] mergemaster: preserve ownership/mode for existing files
 
 It is good to respect administrator's opinion on the ownership and mode
 for various system files.  Currently merge and install operations reset
 the mode and ownership, but this was fixed by this commit.
 
 Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
 ---
  usr.sbin/mergemaster/mergemaster.sh |   23 +++++++++++++++++++----
  1 files changed, 19 insertions(+), 4 deletions(-)
 
 diff --git a/usr.sbin/mergemaster/mergemaster.sh b/usr.sbin/mergemaster/mer=
 gemaster.sh
 index e444996..4366a4f 100755
 --- a/usr.sbin/mergemaster/mergemaster.sh
 +++ b/usr.sbin/mergemaster/mergemaster.sh
 @@ -768,6 +768,11 @@ install_error () {
    exit 1
  }
 =20
 +# Arguments:
 +# - file mode;
 +# - source file;
 +# - destination directory;
 +# - flags for install (can be empty).
  do_install_and_rm () {
    case "${PRESERVE_FILES}" in
    [Yy][Ee][Ss])
 @@ -779,7 +784,7 @@ do_install_and_rm () {
    esac
 =20
    if [ ! -d "${3}/${2##*/}" ]; then
 -    if install -m ${1} ${2} ${3}; then
 +    if install -m ${1} ${4} ${2} ${3}; then
        unlink ${2}
      else
        install_error ${2} ${3}
 @@ -813,7 +818,15 @@ mm_install () {
      install -d -o root -g wheel -m "${DIR_MODE}" "${DESTDIR}${INSTALL_DIR}"
    fi
 =20
 -  FILE_MODE=3D`find_mode "${1}"`
 +  # Don't reset ownership and permissions for existing files:
 +  # administrator may have reasons to set them to non-default
 +  # values.
 +  if [ -f "${DESTDIR}${COMPFILE#.}" ]; then
 +    FILE_MODE=3D`find_mode "${DESTDIR}${COMPFILE#.}"`
 +    INSTALL_FLAGS=3D`stat -f '-o %u -g %g' "${DESTDIR}${COMPFILE#.}"`
 +  else
 +    FILE_MODE=3D`find_mode "${1}"`
 +  fi
 =20
    if [ ! -x "${1}" ]; then
      case "${1#.}" in
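Review bot: The destination path `"${DESTDIR}${COMPFILE#.}"` is written out three times in the added block, which is the kind of repetition that let the misspelled name into the first version of this patch. Assign it once, for example `dest="${DESTDIR}${COMPFILE#.}"`, and use `"${dest}"` in the test, in find_mode and in stat. Note also that `[ -f ]` follows symbolic links while FreeBSD `stat` without `-L` does not, so for a destination that is a symlink the `-o`/`-g` values would come from the link rather than from the file the test looked at.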
 @@ -882,14 +895,16 @@ mm_install () {
 =20
      case "${DONT_INSTALL}" in
      '')
 -      do_install_and_rm "${FILE_MODE}" "${1}" "${DESTDIR}${INSTALL_DIR}"
 +      do_install_and_rm "${FILE_MODE}" "${1}" "${DESTDIR}${INSTALL_DIR}" \
 +        "${INSTALL_FLAGS}"
        ;;
      *)
        unset DONT_INSTALL
        ;;
      esac
    else	# File matched -x
 -    do_install_and_rm "${FILE_MODE}" "${1}" "${DESTDIR}${INSTALL_DIR}"
 +    do_install_and_rm "${FILE_MODE}" "${1}" "${DESTDIR}${INSTALL_DIR}" \
 +      "${INSTALL_FLAGS}"
    fi
    return $?
  }
 -- 
 1.6.3.rc2.15.g8664.dirty
 --- preserve-ownership-mode-for-merged-and-installed-files.diff ends here ---
 -- 
 Eygene
  _                ___       _.--.   #
  \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
  /  ' `         ,       __.--'      #  to read the on-line manual
  )/' _/     \   `-_,   /            #  while single-stepping the kernel.
  `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
      _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
     {_.-``-'         {_/            #

From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: dougb@freebsd.org
Cc: bug-followup@freebsd.org
Subject: Re: bin/134038: [patch] usr.sbin/mergemaster: preserve
	mode/ownership for existing files
Date: Thu, 30 Apr 2009 15:38:54 +0400

 Doug Barton wrote:
 > My gut feeling (unsupported by scientific observation) has always been
 > that the number of users who would set things to non-default
 > permissions for a good reason is minuscule compared to the number who
 > would do it accidentally.
 
 Maybe you're even right.  But such a strategy chokes administrators who
 do this intentionally.  For example, I am setting 640 for /etc/ttys to
 hide tty configuration from regular users -- they just shouldn't see it.
 
 > My suggestion for your situation would be to make use of the
 > MM_EXIT_SCRIPT functionality to set non-default permissions on any
 > files for which you think that would be appropriate.
 
 That's good, but introduces the time interval between setting the
 default permissions and reverting them via MM_EXIT_SCRIPT.
 
 > You could set that up in /etc/mergemaster.rc to make sure it is used
 > by anyone who is updating. This method also has the advantage of
 > providing you a central location to document your deviations and give
 > reasons for them.
 
 I am keeping all my system configuration in the VCS system, so I am
 already documenting everything and that's better than just the plain
 file with permissions and comments -- the difference is the history.
 
 > Do you think that would work for you?
 
 Not as I like.  Maybe we could add another flag to mergemaster that
 will avoid touching permissions: default behaviour will be preserved
 and maniacs like me could use the new flag to tell mergemaster what
 to do.
 
 Frankly, I am not very fond of the approach of setting default
 permissions every time -- this looks as targeted to the poor users that
 don't understand what they are doing and I had always treated FreeBSD
 as the system for professional minds.  But I could be wrong and even the
 majority of professional people do like the current behaviour.
 -- 
 Eygene

From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: dougb@freebsd.org
Cc: bug-followup@freebsd.org
Subject: Re: bin/134038: [patch] usr.sbin/mergemaster: preserve
	mode/ownership for existing files
Date: Sun, 24 May 2009 10:40:11 +0400

 --TB36FDmn/VVEgNH/
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 Doug, good day.
 
 Thu, Apr 30, 2009 at 03:38:54PM +0400, Eygene Ryabinkin wrote:
 > Not as I like.  May be we could add another flag to mergemaster that
 > will avoid touching permissions: default behaviour will be preserved
 > and maniacs like me could use the new flag to tell mergemaster what
 > to do.
 
 Attached is the patch to conditionalize the preservation of modes
 and ownership using new flag '-k'.  It should be applied on top
 of the previous patch.  It will be good to bring the patchset
 to the base system.
 
 Thanks in advance!
 -- 
 Eygene
 
 --TB36FDmn/VVEgNH/
 Content-Type: text/x-diff; charset=us-ascii
 Content-Disposition: attachment; filename="mergemaster-add-option-k.diff"
 Content-Transfer-Encoding: quoted-printable
 
 From d8a198e197639496314053229a8c5aee0fdf14b1 Mon Sep 17 00:00:00 2001
 From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
 Date: Sun, 24 May 2009 10:23:31 +0400
 Subject: [PATCH] mergemaster: new option, -k, to keep ownership and permissions
 
 Don't unconditionally modify the default behaviour for existing files,
 instead add additional flag to keep ownership/permissions.
 
 Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
 ---
  usr.sbin/mergemaster/mergemaster.8  |   13 +++++++++++--
  usr.sbin/mergemaster/mergemaster.sh |   14 +++++++++-----
  2 files changed, 20 insertions(+), 7 deletions(-)
 
 diff --git a/usr.sbin/mergemaster/mergemaster.8 b/usr.sbin/mergemaster/merg=
 emaster.8
 index 2bff4be..2d204c7 100644
 --- a/usr.sbin/mergemaster/mergemaster.8
 +++ b/usr.sbin/mergemaster/mergemaster.8
 @@ -32,7 +32,7 @@
  .Nd merge configuration files, et al during an upgrade
  .Sh SYNOPSIS
  .Nm
 -.Op Fl scrvahipFCPU
 +.Op Fl scrvahipkFCPU
  .Op Fl m Ar /path/to/sources
  .Op Fl t Ar /path/to/temp/root
  .Op Fl d
 @@ -112,7 +112,9 @@ utility checks your umask and issues a warning for anyt=
 hing
  other than 022.
  While it is not mandatory to grant
  world read permissions for most configuration files, you
 -may run into problems without them.
 +may run into problems without them (wizards can use option
 +.Op Fl k ,
 +see below for explanations).
  If you choose a
  umask other than 022 and experience trouble later this
  could be the cause.
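Review bot: The added parenthetical sits in the paragraph about umask values other than 022, but the `.It Fl k` entry later in this patch limits `-k` to target files that are already present, so it does nothing for the mode of newly installed files. Either drop the pointer here or word it so readers do not take `-k` as a way around the umask warning; "wizards" is also out of register for a manual page.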
 @@ -135,6 +137,10 @@ The script uses the owner and group ids
  that the files are created with by
  .Pa /usr/src/etc/Makefile ,
  and file permissions as specified by the umask.
 +One can use option
 +.Op Fl k
 +to modify default behaviour and preserve
 +ownership and permissions for existing files.
  Unified diffs are used by default to display any
  differences unless you choose context diffs.
  .Pp
 @@ -256,6 +262,9 @@ If
  .Op Fl t
  is specified, this option must
  follow it if you want the date added too.
 +.It Fl k
 +preserve modes and ownership for installed and merged files
 +if the target file already present in the system.
  .It Fl u Ar N
  Specify a numeric umask.
  The default is 022.
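Review bot: The new `.It Fl k` text is missing a verb ("if the target file already present") and starts in lower case, unlike the `-u` entry right after it. Suggest "Preserve modes and ownership for installed and merged files if the target file is already present in the system.", and state explicitly that files installed for the first time still get the default ownership and mode.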
 diff --git a/usr.sbin/mergemaster/mergemaster.sh b/usr.sbin/mergemaster/mer=
 gemaster.sh
 index bd75722..5e1ff34 100755
 --- a/usr.sbin/mergemaster/mergemaster.sh
 +++ b/usr.sbin/mergemaster/mergemaster.sh
 @@ -26,6 +26,7 @@ display_usage () {
    echo "  -h  Display more complete help"
    echo '  -i  Automatically install files that do not exist in destination=
  directory'
    echo '  -p  Pre-buildworld mode, only compares crucial files'
 +  echo '  -k  keep ownership and permissions for existing target files'
    echo '  -F  Install files that differ only by revision control Id ($Free=
 BSD)'
    echo '  -C  Compare local rc.conf variables to the defaults'
    echo '  -P  Preserve files that are overwritten'
 @@ -268,7 +269,7 @@ MTREEFILE=3D"${MTREEDB}/mergemaster.mtree"
 =20
  # Check the command line options
  #
 -while getopts ":ascrvhipCPm:t:du:w:D:A:FU" COMMAND_LINE_ARGUMENT ; do
 +while getopts ":ascrvhipkCPm:t:du:w:D:A:FU" COMMAND_LINE_ARGUMENT ; do
    case "${COMMAND_LINE_ARGUMENT}" in
    A)
      ARCHSTRING=3D'TARGET_ARCH=3D'${OPTARG}
 @@ -317,6 +318,9 @@ while getopts ":ascrvhipCPm:t:du:w:D:A:FU" COMMAND_LINE=
 _ARGUMENT ; do
      unset COMP_CONFS
      unset AUTO_RUN
      ;;
 +  k)
 +    KEEP_OWNER_PERMS=3Dyes
 +    ;;
    m)
      SOURCEDIR=3D${OPTARG}
      ;;
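Review bot: `KEEP_OWNER_PERMS` is set in the new `k)` arm, but the visible lines never initialise or unset it before option parsing, and the later test is only `-n "$KEEP_OWNER_PERMS"`. Any non-empty value inherited from the environment (or set in a configuration file) would turn the behaviour on without `-k`. If that is meant as a configuration knob, document it in mergemaster.8; otherwise clear the variable before the getopts loop.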
 @@ -822,10 +826,10 @@ mm_install () {
      install -d -o root -g wheel -m "${DIR_MODE}" "${DESTDIR}${INSTALL_DIR}"
    fi
 =20
 -  # Don't reset ownership and permissions for existing files:
 -  # administrator may have reasons to set them to non-default
 -  # values.
 -  if [ -f "${DESTDIR}${COMPFILE#.}" ]; then
 +  # Handle flag '-k',don't reset ownership and permissions
 +  # for existing files: administrator may have reasons
 +  # to set them to non-default values.
 +  if [ -n "$KEEP_OWNER_PERMS" -a -f "${DESTDIR}${COMPFILE#.}" ]; then
      FILE_MODE=3D`find_mode "${DESTDIR}${COMPFILE#.}"`
      INSTALL_FLAGS=3D`stat -f '-o %u -g %g' "${DESTDIR}${COMPFILE#.}"`
    else
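Review bot: The new condition joins two tests with `-a` inside a single `[ ]`, which POSIX marks obsolescent and which can parse ambiguously; write `[ -n "${KEEP_OWNER_PERMS}" ] && [ -f "${DESTDIR}${COMPFILE#.}" ]` instead. The rewritten comment also needs a space after the comma in "'-k',don't".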
 -- 
 1.6.3.1
 
 
 --TB36FDmn/VVEgNH/--
State-Changed-From-To: open->closed 
State-Changed-By: dougb 
State-Changed-When: Tue Dec 29 07:27:51 UTC 2009 
State-Changed-Why:  

I've given this a lot of thought, and my opinion about it 
has not changed. There are two reasons that a file might 
have non-default permissions: 
1) User error 
2) Intentional configuration by the sysadmin 

In the first case, setting them to the defaults is definitely 
the safest thing to do, and is almost certainly the right 
thing to do as well. This is also far more likely to be the 
reason a file has non-default permissions. 

In the second case, we can trust that a sysadmin who is 
smart enough to set non-default permissions on a file with 
a specific purpose in mind is also smart enough to read the 
mergemaster man page on how to create a MM_EXIT_SCRIPT that 
will fix things back up. 

Therefore I will not be incorporating this patch into the 
base.  I do appreciate your suggestion, and the time you 
took to create and provide the patch however.  


Regards, 

Doug 

http://www.freebsd.org/cgi/query-pr.cgi?pr=134038 
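
The MM_EXIT_SCRIPT approach suggested in this thread, sketched as an added example (not code from the PR or from mergemaster): a script that puts documented non-default modes and owners back after a run. The manifest format, its default path and the MM_PERMS_MANIFEST variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: reapply documented non-default modes and owners after a
# mergemaster run. Manifest format (an assumption of this example):
#   <path> <octal-mode> <owner:group or ->     lines starting with # are comments
# e.g.  /etc/ttys 640 root:wheel

# has_mode PATH MODE: true when PATH's permission bits are exactly MODE.
# find -perm is used because it behaves the same on BSD and GNU userlands.
has_mode () {
  [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# restore_perms MANIFEST [ROOT]: fix each listed file under ROOT (default /).
# Prints one line per mode it had to change; returns 1 if any entry failed.
restore_perms () {
  rp_manifest=$1; rp_root=${2:-}; rp_rc=0
  while read -r rp_path rp_mode rp_owner; do
    case "$rp_path" in ''|'#'*) continue ;; esac
    rp_target="${rp_root}${rp_path}"
    # Refuse symlinks and missing files rather than chmod whatever is there.
    if [ -L "$rp_target" ] || [ ! -f "$rp_target" ]; then
      echo "skip: $rp_target is not a regular file" >&2; rp_rc=1; continue
    fi
    case "$rp_mode" in
      ''|*[!0-7]*) echo "bad mode for $rp_path: $rp_mode" >&2; rp_rc=1; continue ;;
    esac
    # chown first: changing the owner can clear set-id bits.
    if [ -n "$rp_owner" ] && [ "$rp_owner" != "-" ]; then
      chown "$rp_owner" "$rp_target" || rp_rc=1
    fi
    if ! has_mode "$rp_target" "$rp_mode"; then
      if chmod "$rp_mode" "$rp_target"; then
        echo "restored: $rp_target -> $rp_mode"
      else
        rp_rc=1
      fi
    fi
  done < "$rp_manifest"
  return "$rp_rc"
}

# Hypothetical manifest location; override with MM_PERMS_MANIFEST.
if [ -r "${MM_PERMS_MANIFEST:-/usr/local/etc/mergemaster.perms}" ]; then
  restore_perms "${MM_PERMS_MANIFEST:-/usr/local/etc/mergemaster.perms}"
fi
```

Because it runs after the merge, the interval described in the thread, during which the file carries default permissions, still exists.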
>Unformatted:
