dpkg-statoverride

dpkg-statoverride [option...] command

--update
    Update an existing override (instead of creating a new one).

--add user group mode file
    Add a new override.

--remove file
    Remove an existing override.

--list [file]
    List existing overrides. If a file is specified, only list overrides for that file.

--help
    Show help message.

--version
    Show version information.

dpkg-statoverride is a command-line utility in Debian-based Linux distributions used to manage the list of file ownership and mode overrides. It allows administrators to ensure that particular files always have specific ownership and permissions, regardless of what the installed package specifies. This is especially useful in situations where local customizations are needed that would otherwise be overwritten by package updates. The overrides are stored in the /var/lib/dpkg/statoverride file. When a package is installed or upgraded, dpkg consults this file. If an entry exists for a file included in the package, the ownership and mode from the override are applied, instead of those provided by the package. This enables administrators to manage specific files in a way that is independent of the package's default settings. These changes will persist even after system upgrades, ensuring consistent file permissions and ownerships.

Incorrect use of dpkg-statoverride can lead to security vulnerabilities or application malfunctions if file ownership or permissions are not set correctly. It's crucial to understand the impact of changes before applying them. Furthermore, it is recommended to maintain a record of all overrides created, especially in production environments.

dpkg-statoverride returns 0 on success, and a non-zero value on error. Errors can occur if the specified file does not exist, or if there are syntax errors in the command-line arguments.

• Setting specific permissions for a log file: dpkg-statoverride --add syslog syslog 0640 /var/log/mylog
• Ensuring a configuration file is owned by a particular user: dpkg-statoverride --add www-data www-data 0644 /etc/myapp/config.ini
• Listing all overrides: dpkg-statoverride --list
• Removing an override: dpkg-statoverride --remove /etc/myapp/config.ini

dpkg-statoverride has been a core component of the dpkg package management system since its early development. It was created to address the need for administrators to manage local file customizations independently of package updates. The tool's functionality has remained relatively consistent over time, with updates primarily focused on bug fixes and improved error handling.
The original intention was to provide a mechanism for preserving specific file permissions and ownership even when packages are updated or reinstalled.
This feature is used to fix scenarios where the default package settings are insufficient or incorrect for the local environment.

dpkg(1), chmod(1), chown(1)