Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-5969

Problematic chown/chmod at Debian package upgrade

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • other
    • None
    • Ubuntu 9.10, Hudson 1.348

      When upgrading the Hudson Debian package the "postinst" script in the Debian package tries to use "chown" and "chmod" to set ownership and permissions on files under ~hudson. But the script follows symlinks, so it can run chown/chmod on any file outside of the ~hudson directory tree. On my Hudson server machine we have a symlink to the root directory of the machine (i.e. to "/"). That the Hudson upgrade results in changes to "/" is really bad.

      The problematic lines in "postinst" seem to be:

      find /var/lib/hudson -path "*jobs" -prune -o -exec chown hudson:adm {} +

      and

      find /var/lib/hudson -path "jobs" -prune -o -path ".ssh" -prune -o -exec chmod 750 {} +

      Adding a "! -type l" in the right place should solve the immediate problem (see the attachment for regular a patch). But I wonder if it is a good idea to modify the files under the ~hudson user in the this way at all.

          [JENKINS-5969] Problematic chown/chmod at Debian package upgrade

          holmberg556 added a comment -

          Added the patch mentioned in the description earlier.

          holmberg556 added a comment - Added the patch mentioned in the description earlier.

          holmberg556 added a comment -

          After searching in Jira I also found: JENKINS-4047, JENKINS-5908, JENKINS-5771 and JENKINS-5112.

          Like the current issue they all seem to be about the chown/chmod done at upgrade of the Debian package. Should the "postinst" script really be doing this stuff?

          holmberg556 added a comment - After searching in Jira I also found: JENKINS-4047 , JENKINS-5908 , JENKINS-5771 and JENKINS-5112 . Like the current issue they all seem to be about the chown/chmod done at upgrade of the Debian package. Should the "postinst" script really be doing this stuff?

          I think you are right. We shouldn't mess with this.
          Fixed as a part of JENKINS-4047.

          Kohsuke Kawaguchi added a comment - I think you are right. We shouldn't mess with this. Fixed as a part of JENKINS-4047 .

            Unassigned Unassigned
            holmberg556 holmberg556
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: