Shared library permissions in Debian-land and Red Hat-land

Kevin Kofler kevin.kofler at chello.at
Thu Mar 24 18:08:06 UTC 2011


Adam Williamson wrote:
> So, I just ran into an interesting issue talking over Fedora patches
> with the upstream glew maintainer. glew installs its shared libraries
> 'manually', not using autotools / libtools; upstream installs them with
> permissions of 0644, and we patch this to 0755. After talking to
> upstream, they say they're following Debian conventions here; I don't
> have a Debian-land system to confirm, but they say on Debian and Ubuntu,
> all shared libs have 0644 permissions.

This is true. AFAIK, the Debian policy is because those shared libraries 
crash when some idiot tries to run them as programs.

> In Fedora, they have to have 0755 or the auto-provides / auto-depends
> scripts don't work.

This is also true.

> So, is it true that the convention is 0644 in Debian and 0755 in Red
> Hat-land?

Yes, unfortunately. :-(

> If so, does anyone know why the difference,

See above.

> and if this needs to stay different forever?

I don't know, but right now it needs to be different in any case. :-(

I wonder if it would be possible to fix the kernel so that running a shared 
library does not crash, but give a meaningful error message, and if Debian 
would change their policy then.

> Also, I presume neither of us is patching several thousand shared library
> packages for this, so are the permissions usually set by libtool or
> something similar, and that's where the configuration is set?

I don't know how it works in autotools, but in CMake, they explicitly check 
if the system has an /etc/debian_version file and install the .so file as 
644 in that case and 755 otherwise:
http://cmake.org/gitweb?p=cmake.git;a=blob;f=Modules/Platform/Linux.cmake;h=6490dd1e5108168743bc45d039f68d677334966e;hb=HEAD#l21

        Kevin Kofler



More information about the devel mailing list