ports/77366: amavisd-new account creation patch
Scott Balmos
scott.balmos at utoledo.edu
Thu Feb 10 23:20:18 UTC 2005
>Number: 77366
>Category: ports
>Synopsis: amavisd-new account creation patch
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 10 23:20:17 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Scott Balmos
>Release: 5.3-RELEASE
>Organization:
>Environment:
FreeBSD flyingpig.simunex.com 5.3-RELEASE FreeBSD 5.3-RELEASE #5: Fri Nov 12 16:52:26 EST 2004 sbalmos at flyingpig.simunex.com:/usr/obj/usr/src/sys/FLYINGPIG i386
>Description:
The port of amavisd-new (security/amavisd-new) creates a user account and group, vscan/vscan, for Amavis to run under. However, the command to pw which creates the account does not specify a UID. Thus, the account is created using the next available normal user uid, not with a uid normally reserved in the "system account" space (uid/gid <1000). This can be annoying to systems set up with user account managers that do not use pw and /etc/master.password, and are shared across multiple servers (e.g. LDAP). vscan on one box could be 1002, on another box could be 1010, etc., depending on how many regular user accounts were created before the amavisd-new port was installed.
It would be better if the vscan user was created using an explicit "system account" uid/gid, such as uid/gid 102 (which doesn't seem to be used by any port that I know of).
>How-To-Repeat:
Load a fresh FreeBSD box. Create a few normal user accounts (e.g. ones that are auto-assigned uids, incrementing starting from uid 1000).
Install security/amavisd-new somewhere along the line.
Run pw usershow vscan and pw groupshow vscan. Note they are also given auto-assigned uids.
>Fix:
Explicitly assign uid/gid 102 to vscan.
--- /usr/ports/security/amavisd-new/files/INSTALL.tmpl Thu Aug 12 08:44:03 2004
+++ INSTALL.tmpl Thu Feb 10 18:17:39 2005
@@ -13,7 +13,7 @@
if /usr/sbin/pw groupshow "${GROUP}" 2>/dev/null; then
echo "You already have a group \"${GROUP}\", so I will use it."
else
- if /usr/sbin/pw groupadd ${GROUP} -h -
+ if /usr/sbin/pw groupadd ${GROUP} -h -g 102 -
then
echo "Added group \"${GROUP}\"."
else
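Review bot: in the changed groupadd line, "-g 102" is inserted between "-h" and its argument "-", so pw will take "-g" as the argument to -h and see "102 -" as stray operands instead of a gid. Keep the "-h -" pair together and put the new option in front of it, i.e. /usr/sbin/pw groupadd ${GROUP} -g 102 -h -. Separately, the branch above ("You already have a group ... so I will use it") still accepts an existing group with whatever gid it has, so hosts where vscan already exists will not converge on 102; the message printed there could say so.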
@@ -29,7 +29,8 @@
if /usr/sbin/pw useradd ${USER} -g ${GROUP} -h - \
-d ${DIR} \
-s /bin/sh \
- -c "Scanning Virus Account"
+ -c "Scanning Virus Account" \
+ -u 102
then
echo "Added user \"${USER}\"."
else
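Review bot: "-u 102" is hard-coded here and the same literal appears as "-g 102" in the group hunk, with no check that id 102 is free before pw useradd runs. If another account already holds uid 102 the add fails and the script falls into the else branch without explaining why. Suggest defining the id once next to USER and GROUP and using that variable in both calls, and testing with pw usershow -u before the add so the failure message can name the conflicting account.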
>Release-Note:
>Audit-Trail:
>Unformatted: