[Bug 537587] Review Request: dspam - bayesian filtering daemon, client, library and web ui

bugzilla at redhat.com bugzilla at redhat.com
Fri Jan 8 16:53:34 UTC 2010


https://bugzilla.redhat.com/show_bug.cgi?id=537587





--- Comment #43 from Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp>  2010-01-08 11:53:31 EDT ---
For -0.14:

* -n specification
  - For example "%package -n dspam-libs" can simply be
    "%package libs" (and the latter form is commonly used).

    Another example is that "%post -n dspam-libs -p /sbin/ldconfig"
    can simply be "%post libs -p /sbin/ldconfig".

* Directory ownership issue
  - This time the following directory is not owned by any package:
---------------------------------------------------------------------
/usr/share/dspam/sql-scripts
---------------------------------------------------------------------

* Timestamp
  http://fedoraproject.org/wiki/Packaging:Guidelines#Timestamps
  - When using the "cp" or "install" commands, add the "-p" option to keep
    timestamps on installed files.

* Again owner/group/permission
(In reply to comment #41)
> I've checked and the odd permissions on /var/lib/dspam is necessary for
> security purposes.
> 
> The dspam binary is setgid on purpose. It isn't strictly necessary in *all*
> ways it can be configured, however the most common ways use that. I'll get more
> clarification as to what it does setgid vs non setgid methods of operation. We
> use it on our production servers in that mode.

  - To be clear, what I am saying is that currently the group
    of /usr/bin/dspam is root, and I guess this is wrong when this binary
    has setgid, because with this setgid/group, executing /usr/bin/dspam
    is always done with the root group.

    build.log says:
---------------------------------------------------------------------
   826  if test x"nobody" != xnone; then \
   827                  chown "nobody" /builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam; \
   828          fi
   829  chown: changing ownership of `/builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam': Operation not permitted
   831  if test x"mail" != xnone; then \
   832                  chgrp "mail" /builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam; \
   833          fi
   834  chgrp: changing group of `/builddir/build/BUILDROOT/dspam-3.9.0-0.14.RC2.i386/usr/bin/dspam': Operation not permitted
---------------------------------------------------------------------
    So I guess /usr/bin/dspam should have %attr(2511,nobody,mail).
    Would you again check permission/owner/group of all files/directories?

    ! Note
    - Also, for binaries/directories which have some special
      permission/group/owner, you should write these permission/group/owner
      with an explicit %attr directive in the spec file like
---------------------------------------------------------------------
%files
...
%attr(0770,root,%{dspam_group}) %dir %{dspam_logdir}/
%attr(0770,root,%{dspam_group}) %dir %{dspam_homedir}/
%attr(%{dspam_mode},%{dspam_user},%{dspam_group}) %dir %{_var}/run/dspam
...
...
%{_bindir}/css*
%attr(%{dspam_mode},%{dspam_user},%{dspam_group}) %{_bindir}/dspam
%{_bindir}/dspam[-_c]*
...
---------------------------------------------------------------------
    (i.e. if the permission/group/owner is not (0755,root,root) (for directory/
          executable files) or (0644,root,root) (normal files), you must use
          %attr explicitly in the spec file)
