Bug 578470 - changed access permissions for the /root to 750 without $HOME check
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: filesystem
Version: 5.5
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
Assignee: Ondrej Vasik
QA Contact: qe-baseos-daemons
Reported: 2010-03-31 12:29 UTC by ilja lunev
Modified: 2010-03-31 16:01 UTC (History)
Doc Type: Bug Fix
Last Closed: 2010-03-31 13:59:55 UTC

Description ilja lunev 2010-03-31 12:29:59 UTC
Description of problem:

After updating the 'filesystem' rpm to version 2.4.0-3.el5, the access permissions for /root have been changed to 750.

Version-Release number of selected component (if applicable):

filesystem.i386 0:2.4.0-3.el5

How reproducible:
yum update to the newest version

Steps to Reproduce:
1. yum reinstall filesystem (or 'yum update' from old one)
Actual results:
# ll -d /root
drwxr-x--- 3 root root 4096 Oct  1 16:59 /root

Expected results:

# ll -d /root
drwxr-xr-x 3 root root 4096 Oct  1 16:59 /root

Additional info:

Our root user's $HOME is not /root but /root/home/root. The $HOME of our other local user is in /root/home too.

The 'filesystem' rpm scriptlet must check $HOME for user 'root' before any change of the access permissions of it.

Comment 1 Ondrej Vasik 2010-03-31 13:59:55 UTC
Sorry, but /root should not be readable/writable by others - this was done a LOT earlier - by
* Wed Oct  7 1998 Bill Nottingham <notting>
- Changed /root to 0750
and the filesystem package update has nothing to do with it. You modified the /root directory permissions on your machine (and the filesystem package owns that directory and changed the permissions back to the correct value).

Those permissions are not handled in any scriptlet, it has nothing to do with $HOME variable of root user, those are coming from filelist section handled by rpm directly. $HOME/other envvars can't be handled within filesystem package (as this installs very early in dependency tree, before bash, so I can't use any other than lua scriptlet there) - you practically can't have post/postun/whatever section there. 

FHS states /root is the preferred home dir for the root user; the filesystem package just follows this recommendation. Any change to it in RHEL-5 would most probably initiate reports which would require reverting this change. Closing that one NOTABUG - there is nothing wrong from the filesystem package perspective.

Comment 2 ilja lunev 2010-03-31 14:33:27 UTC
Hello Ondrej,

Thank you for your fast reply. It was my misunderstanding about how the filesystem package works (scriptlets).

Ondrej, but I am talking here about an update of the existing filesystem, not about a first installation. I mean an update should never try to change a directory's permissions without a check. If a filesystem package has changed some existing directories, it must be correct later.

Here you can see what the update really does:

-----snip
# ll -d /root
drwxr-xr-x 3 root root 4096 Oct  1 16:59 /root

# yum reinstall filesystem
Setting up Reinstall Process
...
Installed:
  filesystem.i386 0:2.4.0-3.el5

Complete!
# ll -d /root
drwxr-x--- 3 root root 4096 Oct  1 16:59 /root

---------snip

/root may be the preferred home dir for the root user, but it MUST NOT be one. We need a home dir /root/home/root and e.g. /root/home/adminuser because:

1. We don't want any root passwords and we'll do all admin work as sudoers.
2. We need home dir for both admin users (root and adminuser) only LOCAL on the one filesystem. Our standard user may have (or may not have) its home dirs on the NFS, SAN, etc. devices. But during many problems it is very helpful, if the admin user has its home dir local.
3. We need the 755 permissions for /root !

Please take our problem as a use case.

kind regards,

Ilja

Comment 3 Ondrej Vasik 2010-03-31 16:01:28 UTC
But there is no difference in dependency list for first installation and updates. 

I understand the troubles you have because of the permission changes during the updates. That's how rpm works and afaik there is no way to avoid it. Permissions are refreshed when you update any package.

IMHO you don't need 755 permissions on /root, 750 should be imho enough even if you have more "root-like" users. You could imho handle it easily via ACLs. You could then set additional rx access to /root for any user/group you want - and it will still be better than generally changing /root to 755 - as for most RHEL users 750 is the better option.

Maybe it could be some RFE for rpm - to allow some kind of "not-override-permissions" macro/option for the filelist - as it might be useful sometimes - to not override user modified permissions after update. AFAIK there is no way to deal with that at the moment.
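
The ACL approach suggested in Comment 3, as an added example that is not part of the original bug thread: it puts a directory back to the packaged 0750 mode and grants r-x to one named group instead of opening it to everyone with 755. The group name adminusers, the function names and the directory passed on the command line are assumptions; setfacl/getfacl (acl package) and GNU stat are assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names and the
# "adminusers" group are hypothetical.

# Print the octal permission bits of a directory (GNU stat).
dir_mode() {
    stat -c '%a' "$1"
}

# Succeed if "other" has any access at all, i.e. the last octal
# digit of the mode is not 0 (true for 755, false for 750).
world_accessible() {
    mode=$(dir_mode "$1") || return 2
    last=${mode#"${mode%?}"}
    [ "$last" != "0" ]
}

# Restore the packaged mode, then add a named-group ACL entry.
# Returns 0 when the ACL was applied, 1 when setfacl is missing or
# the filesystem/group does not accept the entry, 2 if chmod fails.
restrict_with_acl() {
    dir=$1
    group=$2
    chmod 0750 "$dir" || return 2
    command -v setfacl >/dev/null 2>&1 || return 1
    setfacl -m "g:${group}:rx" "$dir" 2>/dev/null || return 1
}

# Usage (as root): sh root_acl.sh /root adminusers
if [ "$#" -eq 2 ]; then
    if world_accessible "$1"; then
        echo "$1 is mode $(dir_mode "$1"): accessible to all users"
    fi
    if restrict_with_acl "$1" "$2"; then
        echo "$1 is now mode $(dir_mode "$1") with ACL:"
        getfacl -p "$1"
    else
        echo "mode set to 0750, but no ACL entry was added for $2" >&2
    fi
fi
```
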

