Tomcat7 post installation script does not honor dpkg-statsoverride entries

Bug #1673016 reported by Burkhard Linke
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tomcat8 (Debian)
Fix Released
Unknown
tomcat8 (Ubuntu)
Wishlist
Unassigned

Bug Description

The post installation script (/var/lib/dpkg/info/tomcat7.postinst) uses static permissions/groups:

 chown -R $TOMCAT7_USER:adm /var/log/tomcat7 /var/cache/tomcat7
 chmod 750 /var/log/tomcat7 /var/cache/tomcat7

These values should be checked against dpkg-statsoverride.

Use case: giving a user access to tomcat logs by adding it to group tomcat7

Revision history for this message
Nish Aravamudan (nacc) wrote :

Hello and thank you for filing this bug report!

I think this bug is probably also present in Debian and is maybe also present in tomcat8? Would you be willing to file the bug there?

Changed in tomcat7 (Ubuntu):
status: New → Triaged
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

No update for a long time, severity is low (actually undecided so far) and a report to Debian would still be the right thing to do.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Reported and Linked.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

As it seems just none around tomcat is very experienced with dpkg-statoverride.
Also while correct it is close to a nice-to have.

If one wants to go for this The Debian maintainer is open to review changes provided on the bug that I reported and linked.

affects: tomcat7 (Ubuntu) → tomcat8 (Ubuntu)
Changed in tomcat8 (Ubuntu):
importance: Undecided → Wishlist
Changed in tomcat8 (Debian):
status: Unknown → New
joseph ngugi (ngugi1)
affects: tomcat8 (Ubuntu) → tomcat8 (BOSS)
Changed in tomcat8 (BOSS):
status: Triaged → Fix Released
Steve Langasek (vorlon)
affects: tomcat8 (BOSS) → tomcat8 (Ubuntu)
Changed in tomcat8 (Ubuntu):
status: Fix Released → Triaged
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I'm also not familiar with dpkg-statoverride, but the pattern seems to be something along those lines:
- if there is no override for path /foo/bar, call dpkg-statoverride with --update

Example from cron's postinst:
# Fixup crontab binary for new group 'crontab'.
if ! dpkg-statoverride --list /usr/bin/crontab > /dev/null ; then
    dpkg-statoverride --update --add root crontab 2755 /usr/bin/crontab
fi

Example from softhsm2:
set_perms() {
    if ! dpkg-statoverride --list "$4" >/dev/null; then
        dpkg-statoverride --update --add "$@"
    fi
}

...
    # set correct permissions on softhsm directories
    set_perms root softhsm 0750 /etc/softhsm
    set_perms root softhsm 02770 /var/lib/softhsm
    set_perms root softhsm 02770 /var/lib/softhsm/tokens

Changed in tomcat8 (Debian):
status: New → Fix Released
Revision history for this message
Miriam España Acebal (mirespace) wrote :

Hi,

the affected version here ( 8.5.16-1) belongs to Artful which reached EOSS (End of Standard Support) so I'm afraid it can't be fixed.

The bug was fixed in Debian for 8.5.38-2+rm version, and tomcat8 is present in Xenial with a lower version (8.0.32-1ubuntu1.13 ) (EOSS too) and in Bionic with a higher version (8.5.39-1ubuntu1~18.04.3) (so it's fixed for this). For this reason, I will mark the bug as "Won't fix".

Changed in tomcat8 (Ubuntu):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.