1

I'm trying to do something similar to what is described in this Q/A, except I'm using setfacl.

I have the following in debian/rules:

...
override_dh_fixperms:
    dh_fixperms
    setfacl -m u:applicationX:rw /etc/NetworkManager/

The package is built on a Jenkins server. It returns the error:

make[2]: setfacl: Command not found

I was expecting that these commands would be run during the installation process, I know the devices installing the package will have setfacl. Instead it seems the command is running on the Jenkins server during the build process.

Am I misunderstanding how to do the above? Is there a rule I can have run on the target machine instead?

Also note the file being modified isn't part of my package itself.

Philip Kirkbride
  • 10,236

1 Answers1

2

You can’t store ACLs during the package build, you need to set them after the package is installed, in the package’s postinst. To do this, create a file named postinst in your debian directory, and add the setfacl command there. You’ll also need to add a dependency on acl in your control file.

The fact that /etc/NetworkManager doesn’t belong to your package does add an additional twist, but I imagine your package isn’t destined to be uploaded to the Debian archives... You would also normally have to jump through some hoops to deal with the possibility that /etc/NetworkManager is deleted and re-created without the ACLs, but that seems rather unlikely in practice.

Stephen Kitt
  • 434,908