After updating the sudo package, something made me check the diff between /etc/sudoers and /etc/sudoers.pacnew (I did it as a regular user, not root):
$ LANG="" diff /etc/sudoers.pacnew /etc/sudoers
diff: /etc/sudoers: Permission denied
To my surprise, it complained only about /etc/sudoers and said nothing about the sudoers.pacnew file.
So I checked the permissions:
$ LANG="" ls -l /etc/sudoers*
-r--r----- 1 root root 723 Jun 20 02:11 /etc/sudoers
-rw-r--r-- 1 root root 608 Jun 27 00:26 /etc/sudoers.pacnew
As you can see, the .pacnew file has read permission for ALL. There's nothing wrong with this, it's a default file and there's nothing important in there, I thought. BUT after a minute... what about a situation when an administrator moves /etc/sudoers.pacnew to /etc/sudoers, then edits it and makes important changes? The file is still readable by ALL!
I think it's quite an important issue, or maybe I don't know about something.
EDIT:
I made a little test:
# ls -l /etc/sudoers*
-r--r----- 1 root root 723 VI 20 02:11 /etc/sudoers
-rw-r--r-- 1 root root 608 VI 27 00:26 /etc/sudoers.pacnew
# cp /etc/sudoers.pacnew /etc/sudoers
# ls -l /etc/sudoers*
-r--r----- 1 root root 608 VI 27 01:29 /etc/sudoers
-rw-r--r-- 1 root root 608 VI 27 00:26 /etc/sudoers.pacnew
So when the admin only copies the new file over the old one, the permissions stay OK; that's quite normal.
# rm /etc/sudoers; cp /etc/sudoers.pacnew /etc/sudoers
# ls -l /etc/sudoers*
-rw-r--r-- 1 root root 608 VI 27 01:30 /etc/sudoers
-rw-r--r-- 1 root root 608 VI 27 00:26 /etc/sudoers.pacnew
But what about this? When we first remove the file and then change the name?
I think it's still important to set the permissions of .pacnew files like they are in the package.
EDIT 2:
I forgot to say that after editing the file with visudo, the permissions are changed to the proper ones.
Last edited by MAC!EK (2007-06-26 23:38:21)
Interesting, please report a bug: bugs.archlinux.org
I think only the "ls -l /etc/sudoers*" output after install is needed, which shows the incorrect permission of the pacnew file, but feel free to be as verbose in the bug report too.
I actually learned something, I didn't know that cp behaved that way: when copying a file over another, it keeps the permissions of the replaced file.
But well, that's not related to pacman.
pacman roulette : pacman -S $(pacman -Slq | LANG=C sort -R | head -n $((RANDOM % 10)))
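The copy behaviour discussed in this thread, reproduced on scratch files as an added example that is not part of either post. It assumes GNU coreutils (`stat -c`, `install -m`); the function names are hypothetical, the files are constructed in a temp directory, and mode 640 stands in for the real 0440 so the overwrite also works for an unprivileged user.

```shell
#!/bin/sh
# Added example: constructed stand-in files in a temp dir, not the real /etc/sudoers.
# Assumes GNU coreutils (stat -c, install -m). All function names are hypothetical.

mode_of() { stat -c '%a' "$1"; }

# Create a scratch pair: a restrictive live file and a world-readable .pacnew.
# 640 stands in for the real 0440 so an unprivileged user can still overwrite it.
make_pair() {
    dir=$(mktemp -d) || return 1
    ( umask 022
      echo 'old rules' > "$dir/sudoers";        chmod 640 "$dir/sudoers"
      echo 'new rules' > "$dir/sudoers.pacnew"; chmod 644 "$dir/sudoers.pacnew" )
    echo "$dir"
}

# Case 1: cp over an existing file rewrites its contents; the mode is kept.
copy_over() {
    d=$(make_pair) || return 1
    cp "$d/sudoers.pacnew" "$d/sudoers"
    mode_of "$d/sudoers"; rm -rf "$d"
}

# Case 2: rm then cp creates a new file, which takes the source mode (minus umask).
remove_then_copy() {
    d=$(make_pair) || return 1
    ( umask 022; rm "$d/sudoers"; cp "$d/sudoers.pacnew" "$d/sudoers" )
    mode_of "$d/sudoers"; rm -rf "$d"
}

# Safer replacement: state the mode explicitly instead of inheriting it.
remove_then_install() {
    d=$(make_pair) || return 1
    rm "$d/sudoers"; install -m 0440 "$d/sudoers.pacnew" "$d/sudoers"
    mode_of "$d/sudoers"; rm -rf "$d"
}

# Check: report a .pacnew that grants permission bits its live file lacks.
# Prints "path: new vs live" and returns 0 when looser, returns 1 otherwise.
pacnew_looser() {
    live=$(mode_of "${1%.pacnew}") && new=$(mode_of "$1") || return 2
    [ $(( 0$new & ~0$live )) -ne 0 ] && echo "$1: $new vs $live"
}
```

On a real system, `pacnew_looser /etc/sudoers.pacnew` needs enough privilege to stat both files, and the merged result can be validated with `visudo -c` before it is relied on.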