On Fri, 11 Aug 2023 11:58:04 -0500, Larry Finger <Larry.Finger@lwfinger.net> wrote:
On 8/11/23 09:49, Joe Salmeri wrote:
Thanks Jan, Carlos and others that have explained what is going on.
Since the default install uses the easy permissions, would it make sense for the RPMs to match what the easy permissions are.
If the admin switches to more restrictive permissions, then they would get the messages ( which makes sense to me ).
As I said in my previous posting, at least SUID permissions cannot be set in the spec file that builds an rpm. VirtualBox has a number of executables that must have permissions 4755, but if you try to set them in the rpm build, it blows up with a fatal error in the program name rpmlint, which checks for a number of errors.
This behavior is by DESIGN, not an accident. If any package developer could set their package to have arbitrary permissions, the security holes would be huge. Instead, developers must have any such files included in the permissions package, and such inclusions are tightly controlled by the Security gurus at openSUSE. Speaking from experience, it is not easy to get a new file included, nor should it be.
Getting an informational message is a minor thing.
Right, the word "error" does not appear in the message, correctly indicating that it is just informational, but because it says "wrong permissions", it can look like an error message: /usr/bin/fusermount3: setting to root:trusted 4755 (wrong permissions 4750) Since it is by design, the permissions are not really "wrong". They just need to be changed at that time. So why not change 'chkstat' to use another word, like "original", "package", "default", "given", etc. [permissions]? -- Robert Webb "I didn't get the wrong answer, it just needed to be changed."