Dear Marcus,
OK, it seems the syntax question (dots or colons) is a red herring. I have changed the dots to colons and reinstalled coreutils, and the permissions again reverted to factory defaults.
# ls -l /bin/su -rwsr-x--- 1 root support 39984 Nov 12 13:57 /bin/su
# zypper in -f coreutils Loading repository data... Reading installed packages... Forcing installation of 'coreutils-8.14-3.11.1.x86_64' from repository 'openSUSE-12.1-Update'. Resolving package dependencies...
The following package is going to be reinstalled: coreutils
1 package to reinstall. Overall download size: 1.0 MiB. No additional space will be used or freed after the operation. Continue? [y/n/?] (y): Retrieving package coreutils-8.14-3.11.1.x86_64 (1/1), 1.0 MiB (4.7 MiB unpacked) Retrieving: coreutils-8.14-3.11.1.x86_64.rpm [done] Installing: coreutils-8.14-3.11.1 [done]
ribosome# ls -l /bin/su -rwsr-xr-x 1 root root 39984 Nov 12 13:57 /bin/su
# chkstat --system --set --examine /bin/su Checking permissions and ownerships - using the permissions files /etc/permissions /etc/permissions.secure /etc/permissions.d/mail-server /etc/permissions.d/sendmail /etc/permissions.d/texlive /etc/permissions.local setting /bin/su to root:support 4750. (wrong owner/group root:root permissions 4755)
Hah! I love this bug. :) I dug deeper into it and it becomes apparent if you do: rpm -q --scripts coreutils|grep bin/su /usr/bin/chkstat -n --set --system /usr/bin/su /usr/bin/chkstat -n --warn --system -e /bin/su 1>&2 So the actual permission setting in %post uses the wrong path, so it changes back to the RPM permissions and not the system permissions. I have opened bug 791026. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org