wpkg --no-force-file-info | --refuse-file-info ...

The --no-force-file-info and --refuse-file-info options are used to make sure that the packager fails with an error if a file cannot be written, its permissions properly defined, or its ownership setup as expected.

This behavior is the default. Using one of these options allows you to make sure that the target remains safe.

The --force-file-info option can be used to prevent the failure of a call to chmod or chown from breaking the packager. This is safe whenever you are installing in your own environment (under your /home directory,) however, if you are installing a complete system, it can be a security issue. (i.e. if the wrong user has access to system files, it is definitively not secure.)

You may also want to have a look at the File-Owner and Group-Owner fields.