Package: pdns-server
Version: 4.9.1-1
Severity: wishlist

Dear Maintainer,

While investigating why git kept complaining about the permissions of
/etc/powerdns/pdns.conf, I found that pdns-server.postinst was resetting
them after every upgrade:
case "$1" in
configure)
addgroup --quiet --system pdns
adduser --quiet --system --home /var/spool/powerdns --shell /bin/false --ingroup pdns --disabled-password --disabled-login --gecos "PowerDNS" pdns
chown root:pdns /etc/powerdns/pdns.conf || true
chmod 0640 /etc/powerdns/pdns.conf || true

If such a line is needed at all, it should be made optional in some way.
For example, several scripts run 'dpkg-statoverride --list' on a file,
and avoid changing its permissions when an entry is present.

- Michael


-- System Information:
Debian Release: trixie/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.8.12-amd64 (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages pdns-server depends on:
ii adduser 3.137
ii libboost-program-options1.83.0 1.83.0-3
ii libc6 2.38-13
ii libcurl4t64 8.8.0-1
ii libgcc-s1 14.1.0-2
ii libluajit-5.1-2 2.1.0+openresty20240314-1
ii libp11-kit0 0.25.3-5
ii libsodium23 1.0.18-1+b1
ii libsqlite3-0 3.46.0-1
ii libssl3t64 3.2.2-1
ii libstdc++6 14.1.0-2
ii libsystemd0 256.1-1

Versions of packages pdns-server recommends:
ii pdns-backend-bind 4.9.1-1

Versions of packages pdns-server suggests:
ii pdns-backend-bind [pdns-backend] 4.9.1-1
ii pdns-backend-pipe [pdns-backend] 4.9.1-1
ii pdns-backend-remote [pdns-backend] 4.9.1-1
ii pdns-backend-sqlite3 [pdns-backend] 4.9.1-1

-- Configuration Files:
/etc/powerdns/pdns.conf [Errno 13] Permission denied: '/etc/powerdns/pdns.conf'

-- no debconf information