path: root/debian/apt.postinst
author David Kalnischkies <david@kalnischkies.de> 2014-10-06 14:29:53 +0200
committer David Kalnischkies <david@kalnischkies.de> 2014-10-07 01:59:49 +0200
commit 5684f71fa0f6c1b765aa53e22ca3b024c578b9c9 (patch)
tree 254ce22743ac9c457268bacba6a8e504bd5174cb /debian/apt.postinst
parent 04a54261afd1c99686109f102afc83346c01c930 (diff)
use _apt:root only for partial directories
Using a different user for calling methods is intended to protect us from methods running amok (via remotely exploited bugs) by limiting what can be done by them. By using root:root for the final directories and just have the files in partial writeable by the methods we enhance this insofar as a method can't modify already verified data in its parent directory anymore. As a side effect, this also clears most of the problems you could have if the final directories are shared without user-sharing or if these directories disappear as they are now again root owned and only the partial directories contain _apt owned files (usually none if apt isn't running) and the directory itself is autocreated with the right permissions.
Diffstat (limited to 'debian/apt.postinst')
-rwxr-xr-x debian/apt.postinst 15
1 files changed, 9 insertions, 6 deletions
diff --git a/debian/apt.postinst b/debian/apt.postinst
index 01f78a1dd..b8f3edbe5 100755
--- a/debian/apt.postinst
+++ b/debian/apt.postinst
@@ -35,12 +35,15 @@ case "$1" in
fi
fi
- # add unprivileged user for the apt methods
- adduser --force-badname --system -home /var/empty \
- --no-create-home --quiet _apt || true
- chown -R _apt:root \
- /var/lib/apt/lists \
- /var/cache/apt/archives
+ # add unprivileged user for the apt methods
+ adduser --force-badname --system -home /var/empty \
+ --no-create-home --quiet _apt || true
+
+ # deal with upgrades from experimental
+ if dpkg --compare-versions "$2" 'eq' '1.1~exp3'; then
+ # libapt will setup partial/ at runtime
+ chown -R root:root /var/lib/apt/lists /var/cache/apt/archives || true
+ fi
# ensure tighter permissons on the logs, see LP: #975199
if dpkg --compare-versions "$2" lt-nl 0.9.7.7; then
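Review bot: The `|| true` on the added `chown -R root:root /var/lib/apt/lists /var/cache/apt/archives` line hides a failed ownership reset, so an upgrade from 1.1~exp3 can complete with the final directories still owned by _apt, which is exactly the state the commit message sets out to end (a method being able to modify already verified data). Consider dropping `|| true` on that line, or at least printing a warning to stderr when the chown fails, so the admin knows the directories need fixing by hand. Separately, the `eq '1.1~exp3'` test matches only that one version string, while the removed code ran `chown -R _apt:root` on every configure; the comment "deal with upgrades from experimental" should state why no other version needs the reset, or the comparison should cover a range if more than one upload carried the old chown.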