From jrm@inferno.darktide.net  Sun Aug  7 15:56:42 2011
Return-Path: <jrm@inferno.darktide.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 24C371065670
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  7 Aug 2011 15:56:42 +0000 (UTC)
	(envelope-from jrm@inferno.darktide.net)
Received: from inferno.darktide.net (inferno.darktide.net [64.85.171.168])
	by mx1.freebsd.org (Postfix) with ESMTP id 4EB4A8FC18
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  7 Aug 2011 15:56:40 +0000 (UTC)
Received: from inferno.darktide.net (localhost [127.0.0.1])
	by inferno.darktide.net (8.14.3/8.14.3) with ESMTP id p77FPFKI026779
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 8 Aug 2011 00:55:15 +0930 (CST)
	(envelope-from jrm@inferno.darktide.net)
Received: (from jrm@localhost)
	by inferno.darktide.net (8.14.3/8.14.3/Submit) id p77FPFjs026778;
	Mon, 8 Aug 2011 00:55:15 +0930 (CST)
	(envelope-from jrm)
Message-Id: <201108071525.p77FPFjs026778@inferno.darktide.net>
Date: Mon, 8 Aug 2011 00:55:15 +0930 (CST)
From: J R M <freebsd@eliti.st>
Reply-To: J R M <freebsd@eliti.st>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: mergemaster -p breaks /etc/group when /usr/src/etc/group is 0600
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         159586
>Category:       conf
>Synopsis:       mergemaster(8): mergemaster -p breaks /etc/group when /usr/src/etc/group is 0600
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    dougb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 07 16:00:30 UTC 2011
>Closed-Date:    Tue Aug 09 01:51:21 UTC 2011
>Last-Modified:  Tue Aug 09 01:51:21 UTC 2011
>Originator:     J R M
>Release:        FreeBSD 8.0-RELEASE-p2 i386
>Organization:
n/a
>Environment:
System: FreeBSD inferno 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Tue Jan 5 16:02:27 UTC 2010 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386

>Description:
	When performing a 'mergemaster -p' as part of an upgrade, and
	merging the /etc/group file, when it installs the file it
	breaks the permissions on /etc/group to 0600 when the /usr/src/etc/group
	file is set to 0600 from what I can tell.  This is irrespective of
	the umask set by the user.  On my systems I've always kept
	/usr/src to 077 during cvsup.  This has never been a problem in the
	past and I've been using these same permissions on /usr/src since
	3.x days -- This only seems to have cropped up in 8.x.

	Running mergemaster -x, I can see the following:

	+ [ -n /etc -a ! -d /etc ]
	+ find_mode ./etc/group
	+ local OCTAL
	+ echo 'obase=10; ibase=8; 022'
	+ bc
	+ stat -f %OMp%OLp ./etc/group
	+ bc
	+ echo 'obase=10; ibase=8; 0600'
	+ OCTAL=384
	+ printf '%04o\n' 384
	+ FILE_MODE=0600
	+ [ ! -x ./etc/group ]
	+ do_install_and_rm 0600 ./etc/group /etc
	+ [ ! -d /etc/group ]
	+ install -m 0600 ./etc/group /etc
	+ unlink ./etc/group
	+ return 0
	+ echo '     *** Merged version of ./etc/group installed successfully'

	The permissions on /var/tmp/temproot/etc/group and group.merged
	stay at 0600 and this seems to pass through to /etc when the
	install takes place.  This seems to be a bug to me.  Other configuration
	files seem to install perfectly without any issue with their
	individual permissions.


>How-To-Repeat:
	Set /usr/src/etc/group to 0600 permissions.  Run 'mergemaster -p'
	ensuring that the installed /etc/group file differs sufficiently
	from /usr/src/etc/group.  Hit 'install' or 'merge' to merge the
	file.  The file will be installed with 0600 permissions.  This
	works perfectly when /usr/src/etc/group has 0644 permissions - but
	this situation cannot be guaranteed - and has never been
	required in the past (nor is a requirement for other files).  I 
	suspect this problem also affects /etc/master.passwd but because
	this file should be 0600, it is not noticed.

	Note: if you mergemaster the entire tree during a regular
	mergemaster, the permissions on /etc/group are handled correctly.

>Fix:
	Modify mergemaster to properly handle the permissions on
	/etc/group during 'mergemaster -p' as it does other files
	during a regular mergemaster.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dougb 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Aug 7 23:43:46 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=159586 
State-Changed-From-To: open->closed 
State-Changed-By: dougb 
State-Changed-When: Tue Aug 9 01:42:15 UTC 2011 
State-Changed-Why:  

The -p code uses 'cp -p' to copy the files in part to preserve the last 
modification time. master.passwd already has special handling so it is 
always installed 0600 into the live system. However the group file does not. 
This code hasn't changed since the feature was introduced, and no user has 
ever complained about it. 

One could make a fairly persuasive argument that setting your sources 0600 
is significantly non-standard, and that if you choose to do something like 
this you shouldn't be surprised when unexpected things happen. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=159586 
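
Added example, not part of the original PR and not mergemaster's own code: the mode arithmetic visible in the 'mergemaster -x' trace (source mode AND NOT umask, so a umask can only clear bits and a 0600 source stays 0600), followed by a post-merge permission check. The function names and the expected mode of 644 for /etc/group are assumptions of this example; 600 for master.passwd is the mode stated in the PR.

```sh
#!/bin/sh
# effective_mode SRC_MODE UMASK
# Mode that ends up in 'install -m', reconstructed from the trace:
# source mode AND NOT umask. The umask never adds permission bits.
effective_mode() {
    printf '%04o\n' $(( 0$1 & ~0$2 & 07777 ))
}

# file_mode PATH: permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_modes ROOT
# Report account database files under ROOT whose mode differs from the
# expected one; return 1 if any differ. Expected modes are assumptions
# of this example (group 644, master.passwd 600).
check_modes() {
    root=$1
    bad=0
    for spec in etc/group:644 etc/master.passwd:600; do
        path=$root/${spec%%:*}
        want=${spec##*:}
        [ -e "$path" ] || continue
        have=$(file_mode "$path")
        if [ "$have" != "$want" ]; then
            echo "$path: mode $have, expected $want"
            bad=1
        fi
    done
    return $bad
}

# Demo on a constructed tree (not a live /etc): install the group file
# with the mode the trace computes from a 0600 source and umask 022.
demo=$(mktemp -d) && mkdir "$demo/etc" && : > "$demo/etc/group"
chmod "$(effective_mode 0600 022)" "$demo/etc/group"
check_modes "$demo" || echo "group file is not world-readable after merge"
rm -rf "$demo"
```

Running check_modes / after 'mergemaster -p' flags the condition described in this PR; the fix on a live system is 'chmod 644 /etc/group'.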
>Unformatted:
