Permissions for shared libraries in Kerberos

Cy Schubert Cy.Schubert at
Sat Nov 28 10:43:21 EST 2020

In message <87zh32gc2e.fsf at>, Russ Allbery writes:
> Cy Schubert <Cy.Schubert at> writes:
> > In other words some unsuspecting user might ./ and receive
> > some strange error. As the FreeBSD package maintainer I'd revert the
> > permissions back to 0644. Why? Some unsuspecting user will try something
> > stupid and open a ticket. I avoid tickets.
> > Expect the same from your downstream Linux distros.
> Clearly not RPM-based distros, given the reported behavior of rpm, and
> that's quite a lot of them!
> Debian-derived distros already handle this via dh_fixperms, so it doesn't
> matter what Kerberos does by default.

I can do the same in each FreeBSD port's pkg-plist file. You could do what 
you want.

Ports that use $(INSTALL), defaulting to /usr/bin/install, use 0644 by 
default. But upstream software, e.g. krb5, that uses its own install 
targets can be "fixed up" as discussed above. So yes, whatever you do here 
doesn't have to affect my packaging of the software for FreeBSD.

> That does leave Arch and Gentoo (and probably others that aren't occuring
> to me at the moment), but I suspect this won't be a big deal for them.

I don't concur either but I can work around it if needed.

The reason I don't concur is: but why? Why do this in the first place? It 
introduces "breakage" (in itself) for no good reason. But in the bigger 
picture, I can work around this and IMO not really worth arguing about.

Cy Schubert <Cy.Schubert at>
FreeBSD UNIX:  <cy at>   Web:
NTP:           <cy at>    Web:

	The need of the many outweighs the greed of the few.

More information about the krbdev mailing list