dpkg-statoverride
override ownership and mode of files
see also :
dpkg
Synopsis
dpkg-statoverride
[option...] command
add an example, a script, a trick and tips
examples
source
for f in /etc/certain/CA
/etc/certain/CA/private /etc/certain/private; do
if ! dpkg-statoverride --list
$f > /dev/null; then
if ! dpkg-statoverride --list $f > /dev/null; then
dpkg-statoverride --update --add certain certain 0700
$f
fi
done
for f in /etc/certain
/etc/certain/CSRCache /etc/certain/certs /var/log/certain;
do
source
for f in /etc/certain{,/private,/CA,/CA/private,/CSRCache,/certs,/store,/certain.conf}
/var/log/certain; do
if dpkg-statoverride --list
$f > /dev/null; then
if dpkg-statoverride --list $f > /dev/null; then
dpkg-statoverride --remove $f
fi
done
if getent passwd certain >/dev/null
2>&1; then
userdel certain
fi
#DEBHELPER#
description
’stat
overrides’ are a way to tell dpkg(1) to use
a different owner or mode for a file when a package is
installed. (note: I use the word ’file’ here,
but in reality this can be any filesystem object that dpkg
handles, including directories, devices, etc.). This can be
used to force programs that are normally setuid to be
install without a setuid flag, or only executable by a
certain group.
dpkg-statoverride
is a utility to manage the list of stat overrides. It has
three basic functions: adding, removing and listing
overrides.
options
--admindir
directory
Change the directory of
the dpkg database where the statoverride file is also
stored. Defaults to /var/lib/dpkg.
--force
Force an action, even if a
sanity check would otherwise prohibit it. This is necessary
to override an existing override.
--update
Immediately try to change the
file to the new owner and mode if it exists.
--quiet
Be less verbose about what we
do.
commands
--add user group mode file
Add an override for file. file does not need to
exist when this command is used; the override will be stored and
used later. Users and groups can be specified by their name (for
example root or nobody), or by their number by
prepending the number with a ’#’ (for example #0 or
#65534). The mode needs to be specified in octal.
If --update is specified and file exists, it is
immediately set to the new owner and mode.
--remove file
Remove an override for file, the status of file is
left unchanged by this command.
--list [glob-pattern]
List all overrides. If a glob pattern is specified restrict the
output to overrides which match the glob. If there are no
overrides or none match the glob dpkg-statoverride will
exit with an exitcode of 1.
--help
Show the usage message and exit.
--version
Show the version and exit.
environment
DPKG_ADMINDIR
If set and the --admindir option has not been specified,
it will be used as the dpkg data directory.
files
/var/lib/dpkg/statoverride
File which contains the current list of stat overrides of the
system. It is located in the dpkg administration directory, along
with other files important to dpkg, such as ’status’ or
’available’.
Note: dpkg-statoverride preserves the old copy of this
file, with extension "-old", before replacing it with the new
one.
see also
dpkg .