base-files postinstall recurses into /var

Bug #319477 reported by Morio Taneda
Affects: base-files (Ubuntu)
Status: Confirmed
Importance: Medium
Assigned to: Unassigned

Bug Description

Binary package hint: base-files

Ubuntu 8.04.2
base-files 4.0.1ubuntu5.8.04.4

moriot@xxxxxx:~$ sudo apt-get install --reinstall (or install, or upgrade) base-files
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 59 not upgraded.
1 not fully installed or removed.
After this operation, 0B of additional disk space will be used.
Do you want to continue [Y/n]?
Setting up base-files (4.0.1ubuntu5.8.04.4) ...

lsof -p `pidof find` shows working directory and open directory handles under /var (/var/volumes/... which I think is site-specific).

This may seem related to 297595, 306973 but both of these say that find is searching through /etc. However I cannot find any links under my /etc pointing to directories in /var (searched using find -type l | xargs namei | grep var), only files.

The affected machine's /var/volumes contains 250GB of user data -- other installations may have far more. The argument that it's better to be thorough because this upgrade only happens once seems a bit out of balance here. Also, base-files has no business changing permissions in arbitrary directories containing user data.

At least there should be a message printed at the start of postinst stating that this upgrade could take a while...

Colin Watson (cjwatson) wrote :

We were actually relatively careful to touch only directories the packaging system knew about, I thought. Here's the relevant code. I can't see where this could recurse into /var/volumes; could you look over the following and see if any of the mentioned directories might contain symlinks into /var/volumes? I suspect that this is specific to your system somehow but I don't yet see how. Thanks in advance.

  NINER_NINER_PATHS=" \
       /boot \
       /etc \
       /usr/lib/locale \
       /var/backups \
       /var/cache/apt \
       /var/cache/debconf \
       /var/cache/fontconfig \
       /var/cache/fonts \
       /var/cache/ldconfig \
       /var/cache/anthy \
       /var/lib/apt \
       /var/lib/dpkg \
       /var/lib/belocs \
       /var/lib/gconf \
       /var/lib/defoma \
       /var/lib/locales \
       /var/log/installer "

  NINER_NINER_SYMLINKS=" \
       /initrd.img \
       /vmlinuz \
       /cdrom \
       /media/cdrom \
       /etc/alternatives \
       /usr/share/fonts \
       /var/lib/anthy \
       /var/lib/defoma "

  find -L $NINER_NINER_PATHS -gid 999 -print0 |
       xargs -0rt chgrp 0
  find $NINER_NINER_SYMLINKS -gid 999 -print0 |
       xargs -0rt chgrp -h 0
  find /media -maxdepth 1 -name "cdrom[0-9]*" -gid 999 -print0 |
       xargs -0rt chgrp 0

  find /lib/modules -maxdepth 2 -name "modules.*" -gid 999 -print0 |
       xargs -0rt chgrp 0

Changed in base-files (Ubuntu):
assignee: nobody → Colin Watson (cjwatson)
status: New → Incomplete
Morio Taneda (morio-taneda) wrote : Re: [Bug 319477] Re: base-files postinstall recurses into /var

Yes it's /var/backups. The symlink is specific to this machine though
other hosts in the company had been set up with the backups actually
under /var/backups. Those may have been Ubuntu, Debian or CentOS (I'm
not in charge of those). Should we avoid /var/backups?

Colin Watson wrote:
> We were actually relatively careful to touch only directories the
> packaging system knew about, I thought. Here's the relevant code. I
> can't see where this could recurse into /var/volumes; could you look
> over the following and see if any of the mentioned directories might
> contain symlinks into /var/volumes? I suspect that this is specific to
> your system somehow but I don't yet see how. Thanks in advance.
>
> NINER_NINER_PATHS=" \
> /boot \
> /etc \
> /usr/lib/locale \
> /var/backups \
> /var/cache/apt \
> /var/cache/debconf \
> /var/cache/fontconfig \
> /var/cache/fonts \
> /var/cache/ldconfig \
> /var/cache/anthy \
> /var/lib/apt \
> /var/lib/dpkg \
> /var/lib/belocs \
> /var/lib/gconf \
> /var/lib/defoma \
> /var/lib/locales \
> /var/log/installer "
>
> NINER_NINER_SYMLINKS=" \
> /initrd.img \
> /vmlinuz \
> /cdrom \
> /media/cdrom \
> /etc/alternatives \
> /usr/share/fonts \
> /var/lib/anthy \
> /var/lib/defoma "
>
> find -L $NINER_NINER_PATHS -gid 999 -print0 |
> xargs -0rt chgrp 0
> find $NINER_NINER_SYMLINKS -gid 999 -print0 |
> xargs -0rt chgrp -h 0
> find /media -maxdepth 1 -name "cdrom[0-9]*" -gid 999 -print0 |
> xargs -0rt chgrp 0
>
> find /lib/modules -maxdepth 2 -name "modules.*" -gid 999 -print0 |
> xargs -0rt chgrp 0
>
>
> ** Changed in: base-files (Ubuntu)
> Status: New => Incomplete
>
> ** Changed in: base-files (Ubuntu)
> Assignee: (unassigned) => Colin Watson (cjwatson)
>
>

Colin Watson (cjwatson)
Changed in base-files (Ubuntu):
assignee: Colin Watson (cjwatson) → nobody
status: Incomplete → Confirmed
importance: Undecided → Medium
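
The behaviour confirmed in this thread, as an added example that is not part of the bug report or of the base-files postinst: a constructed temporary tree in which var/backups is a symlink to var/volumes, comparing how many files `find -L` and plain `find` reach from the same start paths, plus a pre-flight check that lists start paths resolving somewhere else. The function names and the tree layout are assumptions made for illustration; `readlink -f` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not the base-files postinst). All paths are constructed
# under a temporary directory; nothing outside it is read or changed.

# Build a miniature root: var/backups is a symlink to var/volumes,
# mirroring the site-specific layout the reporter describes.
make_tree() {
    root=$(cd "$(mktemp -d)" && pwd -P) || return 1
    mkdir -p "$root/etc" "$root/var/volumes/user1" "$root/var/cache/apt"
    : > "$root/etc/passwd"
    : > "$root/var/cache/apt/pkgcache.bin"
    : > "$root/var/volumes/user1/a.dat"
    : > "$root/var/volumes/user1/b.dat"
    ln -s "$root/var/volumes" "$root/var/backups"
    printf '%s\n' "$root"
}

# Files reached when symlinks are followed, as `find -L` does.
reach_following() {
    find -L "$@" -type f | wc -l | tr -d ' '
}

# Files reached with find's default (-P): a symlink is examined as a
# symlink and never entered, even when it is a start path.
reach_physical() {
    find "$@" -type f | wc -l | tr -d ' '
}

# Pre-flight check: print each start path whose resolved location differs
# from its literal name, i.e. a symlink somewhere along the path.
redirected_paths() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        real=$(readlink -f "$p")
        [ "$real" = "$p" ] || printf '%s -> %s\n' "$p" "$real"
    done
}

demo() {
    root=$(make_tree) || return 1
    set -- "$root/etc" "$root/var/backups" "$root/var/cache/apt"
    echo "find -L reaches $(reach_following "$@") files"
    echo "find    reaches $(reach_physical "$@") files"
    redirected_paths "$@"
    rm -rf "$root"
}
demo
```

A root-run maintainer script that combines `find -L` with `chgrp` changes ownership wherever the followed symlinks lead, so running a check like `redirected_paths` over the configured path list shows in advance which entries leave the package-owned tree.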