Question on packaging and directory permissions
sodface opened this issue · 2 comments
I'm a new laminar user. I installed it on my home server running Alpine Linux (bare metal) using the laminar package in the Alpine testing repo. I then ran through the laminar docs to setup a job in order to test the installation and understand basic use.
I think there are some improvements to be made in Alpine's package but before I submit the issue to Alpine I hoped you might review / clarify a couple things.
The doc section for the example job says in part:
create the file /var/lib/laminar/cfg/jobs/hello.run
The way Alpine's package is setup is that after you install it, /var/lib/laminar doesn't exist at all until you start the service with the openrc init file. This is probably fine since most users would control the laminard service this way but until you start it that way at least once, the directory doesn't exist and launching laminard directly gives you:
server:~$ laminard
terminate called after throwing an instance of 'kj::ExceptionImpl'
what(): kj/filesystem.c++:612: failed: directory does not exist; path = var/lib/laminar
Aborted
As I said, this seems like mostly a non-issue but is there a use case for running laminard directly and not using a service manager?
So starting the service on Alpine the first time creates /var/lib/laminar owned by the laminar user and group created during package installation. That too seems fine except the cfg directory and it's subdirectories aren't created as per your sample pkg files, eg:
Line 41 in 277a59f
Before following the doc example then:
create the file /var/lib/laminar/cfg/jobs/hello.run
I needed to manually create the required directories which left me wondering about permissions. Creating the directory structure and chowning to laminar:laminar defaults to 0755 on the /var/lib/laminar/cfg/jobs directory. Which effectively means that only root/wheel users can create jobs. Is that the recommended default?
Sorry for the admin 101 questions but I originally changed the jobs directory to 0775 and added my personal user to the laminar group which works too but left me wondering a little about what's intended.
Hi, thanks for your report. I don't use Alpine regularly but I'll try to answer your questions
/var/lib/laminardoesn't exist at all until you start the service with the openrc init file.
As you point out, in the Debian package it is created at install time. If Alpine can do that it probably should.
As I said, this seems like mostly a non-issue but is there a use case for running laminard directly and not using a service manager?
Sure! Put that directory wherever you like. This is the way I usually run my development build: LAMINAR_HOME=$PWD ./laminard -v. It won't fail to start if $LAMINAR_HOME exists even if it is empty, but it won't do much without at least the cfg/jobs subdir.
Creating the directory structure and chowning to laminar:laminar defaults to 0755 on the /var/lib/laminar/cfg/jobs directory. Which effectively means that only root/wheel users can create jobs. Is that the recommended default?
In the debian package I recursively chown to laminar:laminar, so the laminar user can create jobs. It sounds like in your example /var/lib/laminar is owned by laminar but /var/lib/laminar/cfg/jobs is still owned by root. But of course you can set your permissions however you like, as long as whichever user that runs laminar has at least r-x on $LAMINAR_HOME/cfg/jobs/*.run.
Thanks for the feedback and clarification, I will move this discussion to Alpine and see if we can't get the package tidied up a bit.