dpkg-statoverride

dpkg-statoverride [option...] command
dpkg-statoverride --list
dpkg-statoverride --add <owner> <group> <mode> <file>
dpkg-statoverride --del <file>
dpkg-statoverride --force --add <owner> <group> <mode> <file>

--list
    Lists all current stat overrides that are registered with dpkg.

--add <owner> <group> <mode> <file>
    Adds a new stat override for the specified <file>. <owner> can be a numeric UID or user name, <group> a numeric GID or group name, and <mode> an octal permission mode (e.g., 0755).

--del <file>
    Deletes the stat override entry for the specified <file> from the list.

--force
    Used with --add to force the addition of an override even if an entry for the specified <file> already exists, overwriting the old one.

<owner>
    The desired owner for the <file>. Can be a username or a numeric UID.

<group>
    The desired group for the <file>. Can be a group name or a numeric GID.

<mode>
    The desired permission mode for the <file>, expressed in octal notation (e.g., 0644 for rw-r--r--).

<file>
    The absolute path to the file for which the override should be applied or removed.

--help
    Displays a short usage message and exits.

--version
    Displays the program version and exits.

dpkg-statoverride is a utility within the Debian package management system (dpkg) used to manage a persistent list of file permission and ownership overrides. When a package is installed or upgraded, dpkg checks this list. If a file owned by the package matches an entry in the statoverride list, dpkg will apply the specified owner, group, and permission mode to that file, rather than using the default values defined by the package itself.

This is particularly useful for system administrators who need to customize file permissions for security reasons or specific system configurations without having their changes reverted during package updates. It ensures that local modifications to critical file attributes are maintained across package operations. The command allows adding, deleting, and listing these overrides.

Overrides are applied by dpkg only when a package modifies or installs the specified file. If a file is not touched by a package operation, the override will not be re-applied.
Careless use can lead to security vulnerabilities or system instability if incorrect permissions are set.
The statoverride list is stored in /var/lib/dpkg/statoverride and should not be manually edited; dpkg-statoverride is the designated tool for its management.

All stat override entries are persistently stored in the file /var/lib/dpkg/statoverride. It is crucial to manage this file exclusively using the dpkg-statoverride command to ensure its integrity and prevent corruption of the override database.

The specified overrides are not applied immediately upon creation with dpkg-statoverride. Instead, they are applied by the dpkg daemon when it processes package files that match an override entry during installation, upgrade, or unpacking operations. This ensures that the correct permissions and ownership are set when the files are deployed or updated.

dpkg-statoverride is an integral part of the dpkg package management suite, primarily used in Debian-based operating systems. Its functionality has been stable for a significant period, addressing the long-standing need for system administrators to maintain specific file attribute customizations (ownership and permissions) across package installations and upgrades, preventing their local changes from being inadvertently overwritten by package defaults.

dpkg(1), dpkg-reconfigure(8), chmod(1), chown(1)