diff --git a/doc/rpm.8 b/doc/rpm.8 index 9a62927d06..d8d6284c6e 100644 --- a/doc/rpm.8 +++ b/doc/rpm.8 @@ -49,6 +49,10 @@ rpm \- RPM Package Manager \fBrpm\fR \fB--setugids\fR \fB\fIPACKAGE_NAME\fB\fR\fI ...\fR +\fBrpm\fR \fB--setcaps\fR \fB\fIPACKAGE_NAME\fB\fR\fI ...\fR + +\fBrpm\fR \fB--restore\fR \fB\fIPACKAGE_NAME\fB\fR\fI ...\fR + .SS "select-options" .PP @@ -839,15 +843,24 @@ options are currently set in configuration file(s). .TP \fBrpm\fR \fB--setperms\fR \fIPACKAGE_NAME\fR -sets permissions of files in the given package. +sets permissions of files in the given package. Consider using +\fB--restore\fR instead. .TP \fBrpm\fR \fB--setugids\fR \fIPACKAGE_NAME\fR sets user/group ownership of files in the given package. This command can -change permissions of files in that package. It is caused by calling command -\fBchmod\fR that can clear SUID and SGID bits in some situations. So it is -safer to call also \fB--setperms\fR after calling \fB--setugids\fR. +change permissions and capabilities of files in that package. In most +cases it is better to use \fB--restore\fR instead. +.TP +\fBrpm\fR \fB--setcaps\fR \fIPACKAGE_NAME\fR +sets capabilities of files in the given package. Consider using +\fB--restore\fR instead. +.TP +\fBrpm\fR \fB--restore\fR \fIPACKAGE_NAME\fR +The option restores owner, group, permissions and capabilities of files +in the given package. .TP -Options \fB--setperms\fR and \fB--setugids\fR are mutually exclusive. +Options \fB--setperms\fR, \fB--setugids\fR, \fB--setcaps\fR and +\fB--restore\fR are mutually exclusive. .SS "FTP/HTTP OPTIONS" .PP diff --git a/rpmpopt.in b/rpmpopt.in index f8ce35f228..e4270fd8e2 100644 --- a/rpmpopt.in +++ b/rpmpopt.in @@ -52,6 +52,18 @@ rpm alias --setugids -q --qf \ --pipe "(echo 'ch() { chown -h -- \"$1\" \"$3\";chgrp -h -- \"$2\" \"$3\"; }';grep '^ch '|grep -v \(none\))|sh" \ --POPTdesc=$"set user/group ownership of files in a package" +rpm alias --setcaps -q --qf \ + "[\[ -f %{FILENAMES:shescape} -a ! -L %{FILENAMES:shescape} \] \ + && setcap %|FILECAPS?{%{FILECAPS:shescape}}:{''}| %{FILENAMES:shescape}\n]" \ + --pipe "sh" \ + --POPTdesc=$"set capabilities of files in a package" + +rpm alias --restore -q --qf \ + '[ rpm --setugids %{NAME:shescape}; \ + rpm --setperms %{NAME:shescape}; \ + rpm --setcaps %{NAME:shescape}; \n]' --pipe "sh" \ + --POPTdesc=$"restore file/directory permissions" + rpm alias --conflicts --qf \ "[%|VERBOSE?{%{CONFLICTFLAGS:deptype}: }:{}|%{CONFLICTNEVRS}\n]" \ --POPTdesc=$"list capabilities this package conflicts with"