0

I have the following structure:

./inst/opt/test/ls: a copy of the /bin/ls binary, just for the sake of simplicity.

./inst/DEBIAN/changelog:

test (1) unstable; urgency=low

  * test 1

 -- test <test@test.com> April 28, 2020

./inst/DEBIAN/control:

Package: test
Version: 1
Architecture: amd64
Section: unknown
Priority: optional
Maintainer: test <test@test.com>
Build-Depends: debhelper (>= 8.0.0)
Standards-Version: 3.9.4
Homepage: https://www.test.com/
Depends: libappindicator1
Description: Test

./inst/DEBIAN/compat:

9

So far, so good.

What I'm trying to achieve is to make ls owned by root and with set setuid bit after installation. Here's one of my many attempts to do so:

./inst/DEBIAN/rules:

#!/usr/bin/make -f

%:
        dh $@

override_dh_fixperms:
        dh_fixperms --exclude ls
        find . -name ls -exec chmod +s {} \;

but the result with and without this file doesn't change at all.

Building the deb package with

dpkg-deb --build ~/test/inst/ ~/test/

I'm obviously missing something big. Can somebody tell me what?

Note, that postinst is not an option in my case.

Kiril Kirov
  • 307
  • Is it the difference between set-UID and sticky text, as at https://unix.stackexchange.com/q/79395/5132? That's somewhat big. You should probably proofread this question. (-: – JdeBP Apr 28 '20 at 17:42
  • @JdeBP you're right the example with the sticky bit is not exactly right, I was playing around with the ls binary, but for simplicity included the text file. Could be misleading, I agree (although you can technically execute chmod +s <test_file>. – Kiril Kirov Apr 28 '20 at 17:44
  • Changed to ls again, as it's indeed misleading. Also my bad about using 'sticky bit' instead of 'setuid' indeed – Kiril Kirov Apr 28 '20 at 20:26

1 Answers1

1

You’re building a binary package directly; debian/rules is only processed when building from a source package.

To build a binary package with a file with a setuid bit (chmod +s sets the setuid bit, not the sticky bit), set it in the file system before running dpkg-deb:

chmod 4755 inst/opt/test/ls

Then, to ensure the file is stored as owned by root, run dpkg-deb with fakeroot:

fakeroot dpkg-deb -b ~/test/inst ~/test

Checking the generated package contents with dpkg-deb -c should show

-rwsr-xr-x root/root ... ./opt/test/ls
Stephen Kitt
  • 434,908
  • Hm, what if there are other files, which should not be owned by root, just this one? (thanks for the note about sticky bit and setuid, my bad indeed) – Kiril Kirov Apr 28 '20 at 20:25
  • The packaging system assumes that the default ownership is root. Anything else needs to be handled in postinst in most cases, because the user might need to be created first. – Stephen Kitt Apr 29 '20 at 07:47
  • But creating the package without fakeroot leads to the following - the installed package's content is owned by the user, installing the package (if it's with sudo; su makes it owned by root, as expected). My point is - there should be a way to leave everything as-is, just changing one file's owner. Isn't it possible? – Kiril Kirov Apr 29 '20 at 10:33
  • 1
    I don’t think there is, at least not without using a postinst. – Stephen Kitt Apr 30 '20 at 17:18
  • Thanks, that helped a lot! – Kiril Kirov May 03 '20 at 07:47