Set permissions after RPM install

12,196

You can add chmod to a %post section if you wanted to but that's the wrong approach to the problem.

You should just make sure that the files are executable in the buildroot during the installation and they should remain so (with that %defattr entry) in the RPM and once installed (though that %defattr entry should be above the /opt line).

Alternatively, you can use the %defattr macro and %attr macros to have RPM apply specific permissions to specific files in the %files section manually.

See Directives For the %files list and Specifying File Attributes for how the directives work.

Example from the second link:

%files
%attr(-, root, root) %doc README
%attr(4755, root, root) /usr/local/bin/cdp
%attr(-, root, root) /usr/local/bin/cdplay
%attr(-, root, rot) /usr/local/man/man1/cdp.1
Share:
12,196
user1285928
Author by

user1285928

Updated on June 14, 2022

Comments

  • user1285928
    user1285928 over 1 year

    I use this spec file to use RPM files

    Name:           pack-agent
    Version:        1.0
    Release:        1%{?dist}
    Summary:        Linux Agent installation script
    Group:          Utilities
    License:        license
    Source0:        pack-agent-1.0.tar.gz
    BuildArch:      x86_64
    BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
    %description
    
    %prep
    %setup -q -n opt
    
    %build
    
    %install
    #install -m 0755 -d $RPM_BUILD_ROOT/agent
    #cp -ap agent/* $RPM_BUILD_ROOT/agent/
    
    install -m 0755 -d %{buildroot}/opt
    #cp -a * %{buildroot}/agent
    cp -a * %{buildroot}/opt
    
    %clean
    rm -rf $RPM_BUILD_ROOT
    
    %files
    /opt
    %defattr(-,root,root,-)
    %attr(777, root, root) /opt/agent/bin/karaf
    
    %doc
    %changelog
    

    But after install the files are not executable. I need to start file insight directories tree. Is there anyway to add chmod command insight the spec file and use it to set permissions after RPM install?

  • Aaron D. Marasco
    Aaron D. Marasco about 8 years
    I recommend the last paragraph as well. Default everything to something reasonable like 644, and then make your executables 755.
  • Aaron D. Marasco
    Aaron D. Marasco about 8 years
    The %post chmod would be bad because for many reasons, the biggest being rpm -V would fail saying the permissions don't match the RPM DB.
  • user1285928
    user1285928 about 8 years
    Could you please show me how I need to edit the spec file for the last solution?
  • msuchy
    msuchy about 8 years
    Or you can chmod that file in %install section
  • user1285928
    user1285928 about 8 years
    Files are always with permission -rw-r--r--. Any idea where is the problem?
  • user1285928
    user1285928 about 8 years
    I added %attr(777, root, root) /opt/agent/bin/karaf but when I install the RPM package the permission is -rw-r--r--
  • Etan Reisner
    Etan Reisner about 8 years
    Try 0755 instead of 777 and see if that works. But like I said you can also just ensure that the permissions are correct in the buildroot and then not specify any permissions in the %files section and RPM will leave them alone.
  • Aaron D. Marasco
    Aaron D. Marasco about 8 years
    777 by root is a ginormous security hole BTW... there might even be a warning in your build logs saying "nope!"