permissions of /etc/fuse.conf are reset on upgrade

Bug #697792 reported by David Smith on 2011-01-05
32
This bug affects 3 people
Affects Status Importance Assigned to Milestone
fuse (Ubuntu)
Medium
Barry Warsaw
Lucid
Medium
Barry Warsaw
Maverick
Medium
Barry Warsaw
Natty
Medium
Barry Warsaw

Bug Description

Binary package hint: fuse-utils

The fuse-utils postinst unconditionally resets the permissions of /etc/fuse.conf to 0640 root:fuse. It should respect local modifications to the conf file.

Related branches

Clint Byrum (clint-fewbar) wrote :

Checked the package, and I can confirm that the file's permissions will be reset. Being a conffile, this should be done in the package build, not in the postinst.

Marking Confirmed.

Changed in fuse (Ubuntu):
status: New → Confirmed
Changed in fuse (Ubuntu Lucid):
status: New → Confirmed
importance: Undecided → Medium
Changed in fuse (Ubuntu Natty):
importance: Undecided → Medium
Changed in fuse (Ubuntu Lucid):
assignee: nobody → Canonical Foundations Team (canonical-foundations)
Changed in fuse (Ubuntu Lucid):
assignee: Canonical Foundations Team (canonical-foundations) → Colin Watson (cjwatson)
assignee: Colin Watson (cjwatson) → Canonical Foundations Team (canonical-foundations)
Changed in fuse (Ubuntu Natty):
assignee: nobody → Canonical Foundations Team (canonical-foundations)
Barry Warsaw (barry) on 2011-01-21
Changed in fuse (Ubuntu Lucid):
assignee: Canonical Foundations Team (canonical-foundations) → Barry Warsaw (barry)
Changed in fuse (Ubuntu Natty):
assignee: Canonical Foundations Team (canonical-foundations) → Barry Warsaw (barry)
Barry Warsaw (barry) wrote :

It's easy to set the mode in debian/rules, and in fact it looks like that's already done. The problem is setting the group ownership because group 'fuse' either doesn't exist on the build machine, or probably does not match the target machine. So that has to be done in fuse-utils.postinst.

The group is added if it does not exist, so I propose that if the group gets added in fuse-utils.postint, the ownership of /etc/fuse.conf should also be changed. I think it's highly unlikely that the fuse group would not exist but /etc/fuse.conf would exist.

Barry Warsaw (barry) wrote :

Hmm, from my test build:

...
install -D -m0640 /build/barry-fuse_2.8.4-1.1ubuntu3-amd64-sLU9hK/fuse-2.8.4/debian/fuse.conf \
     /build/barry-fuse_2.8.4-1.1ubuntu3-amd64-sLU9hK/fuse-2.8.4/debian/fuse-utils/etc/fuse.conf
...
drwxr-xr-x root/root 0 2011-01-21 10:06 ./etc/
-rw-r--r-- root/root 216 2011-01-21 10:06 ./etc/fuse.conf

I would have expected the mod to be 0640.

Barry Warsaw (barry) wrote :

Okay, I have a fix that works, using the approach I describe above. I'll push it and submit an mp as soon as codehosting comes back up. If approved and landed, I'll do a backport candidate for Lucid (and probably Maverick).

Changed in fuse (Ubuntu Natty):
status: Confirmed → In Progress
milestone: none → natty-alpha-2
Barry Warsaw (barry) wrote :

In the meantime, here's a debdiff for review.

Barry Warsaw (barry) wrote :

Ah dang, forgot to add LP bug tag to changelog. Here's an updated debdiff.

tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fuse - 2.8.4-1.1ubuntu3

---------------
fuse (2.8.4-1.1ubuntu3) natty; urgency=low

  * debian/fuse-utils.postinst:
    Respect local modifications to /etc/fuse.conf by not changing the
    ownership or mode of /etc/fuse.conf in the postinst file unless we're
    also adding the fuse group for the first time. (LP: #697792)
 -- Barry Warsaw <email address hidden> Fri, 21 Jan 2011 11:13:06 -0500

Changed in fuse (Ubuntu Natty):
status: In Progress → Fix Released
Barry Warsaw (barry) wrote :

SRU information:

Impact: The bug affects many existing user; they make local modifications to the ownership or permissions of /etc/fuse.conf and installing an update squashes those changes.

As stated above, the patch fixes this by only setting the permission and ownership of /etc/fuse.conf when it is also adding the fuse group in the postinst, rather than unconditionally. It's considered unlikely that there would be local modifications to fuse.conf when the fuse group does not exist.

See linked branch for proposed fix for Lucid.

Reproduce by: change perm/own of /etc/fuse.conf; apt-get rm fuse-utils; apt-get install fuse-utils; see the perm/own change. Installing the fixed package however will preserve this change. You should also test a fresh install by apt-get purge fuse-utils; delgroup fuse; then install the fixed package and see both the group and own/perm on /etc/fuse.conf be installed correctly

Regression potential: None foreseeable, unless someone depends on the unconditionally squashing of perm/own of /etc/fuse.conf on upgrade.

Barry Warsaw (barry) wrote :

I've nominated this for maverick too, but can't approve that bug task apparently.

Barry Warsaw (barry) on 2011-01-25
Changed in fuse (Ubuntu Maverick):
status: New → Confirmed
assignee: nobody → Barry Warsaw (barry)
importance: Undecided → Medium
Changed in fuse (Ubuntu Lucid):
milestone: none → lucid-updates
Changed in fuse (Ubuntu Maverick):
milestone: none → maverick-updates
Oliver Grawert (ogra) wrote :

fix uploaded to maverick-proposed (someone from the SRU team please accept)

Changed in fuse (Ubuntu Maverick):
status: Confirmed → Fix Committed

FWIW, I tested the fuse-utils package in Barry's PPA (https://launchpad.net/~barry/+archive/python), and custom ownership/permissions on /etc/fuse.conf where preserved as expected on package upgrade.

Colin Watson (cjwatson) wrote :

Thanks, Barry - I've uploaded your lucid-proposed branch, although it will have to wait for acceptance until the 10.04.2 freeze is lifted.

Changed in fuse (Ubuntu Lucid):
status: Confirmed → In Progress

Accepted fuse into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Barry Warsaw (barry) wrote :

Verified works from maverick-proposed.

tags: added: verification-done
removed: verification-needed
Martin Pitt (pitti) wrote :

Accepted fuse into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in fuse (Ubuntu Lucid):
status: In Progress → Fix Committed
tags: removed: verification-done
tags: added: verification-needed
tags: added: verification-done
tags: removed: verification-done
Martin Pitt (pitti) wrote :

Releasing maverick update, keeping v-needed for lucid update.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fuse - 2.8.4-1ubuntu1.2

---------------
fuse (2.8.4-1ubuntu1.2) maverick-proposed; urgency=low

  * debian/fuse-utils.postinst:
    Respect local modifications to /etc/fuse.conf by not changing the
    ownership or mode of /etc/fuse.conf in the postinst file unless we're
    also adding the fuse group for the first time. (LP: #697792)
 -- Barry Warsaw <email address hidden> Tue, 25 Jan 2011 20:08:08 -0500

Changed in fuse (Ubuntu Maverick):
status: Fix Committed → Fix Released
Barry Warsaw (barry) wrote :

Verified works for lucid-proposed.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fuse - 2.8.1-1.1ubuntu3

---------------
fuse (2.8.1-1.1ubuntu3) lucid-proposed; urgency=low

  * debian/fuse-utils.postinst:
    Respect local modifications to /etc/fuse.conf by not changing the
    ownership or mode of /etc/fuse.conf in the postinst file unless we're
    also adding the fuse group for the first time. (LP: #697792)
 -- Barry Warsaw <email address hidden> Mon, 24 Jan 2011 11:25:19 -0500

Changed in fuse (Ubuntu Lucid):
status: Fix Committed → Fix Released

FYI the fix is wrong. It destroys the idempotency of postinst. If the postinst is interrupted after the addgroup call then a repeated invokation of the postinst script will not change the mode or ownership of /etc/fuse.conf.

This also applies when fuse-utils was installed in the past, then was purged and is now installed again. In that case the group already exists but the conffile does not.

Instead of testing for the existance of the fuse group the postint script should check wether it is a first install ($2 is empty) or an upgrade ($2 is old v ersion).

Colin Watson (cjwatson) wrote :

Thanks, Goswin. I'll make such a change in the merge I'm preparing at the moment.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers