ports/157129: [maintainer] misc/findutils fix usage of su(1) in gupdatedb

Klaus Aehlig aehlig at linta.de
Tue May 17 21:20:08 UTC 2011


>Number:         157129
>Category:       ports
>Synopsis:       [maintainer] misc/findutils fix usage of su(1) in gupdatedb
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 17 21:20:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Klaus Aehlig
>Release:        FreeBSD 8.2-STABLE amd64
>Organization:
>Environment:
System: FreeBSD kta1c10.sesnet.soton.ac.uk 8.2-STABLE FreeBSD 8.2-STABLE #1: Tue Apr 19 17:22:20 BST 2011 root at kta1c10.sesnet.soton.ac.uk:/usr/obj/usr/src/sys/KTA1C10 amd64

>Description:
	misc/findutils brings a script gupdatedb to update the database for glocate.
        To support restricting the database to only contain files readable by a specific
        user (in order to avoid leaking sensitive information from the file structure)
        su(1) is used to call gfind(1). However, the assumption about how to call su(1)
        differs from su(1) as provided by FreeBSD. This has the effect that su(1) fails
        (resulting in an empty database) when a user with nologin as login shell
        is used, like the nobody user.

>How-To-Repeat:
	/usr/local/bin/gupdatedb --localuser=nobody
>Fix:

	Add the following patch to the files subdirectory of the port
        and bump PORTREVISION.

--- patch-locate__updatedb.sh begins here ---
--- locate/updatedb.sh.orig	2011-04-03 23:53:12.000000000 +0100
+++ locate/updatedb.sh	2011-05-17 18:20:29.000000000 +0100
@@ -250,7 +250,7 @@
 if test -n "$SEARCHPATHS"; then
   if [ "$LOCALUSER" != "" ]; then
     # : A1
-    su $LOCALUSER `select_shell $LOCALUSER` -c \
+    su -m $LOCALUSER -c \
     "$find $SEARCHPATHS $FINDOPTIONS \
      \\( $prunefs_exp \
      -type d -regex '$PRUNEREGEX' \\) -prune -o $print_option"
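Review bot: `su -m` at A1 leaves the caller's environment unmodified and runs the `-c` string in the caller's login shell instead of one selected for `$LOCALUSER`, so root's environment reaches `$find` and the quoting of `'$PRUNEREGEX'` and `\\(` has to be valid in that shell. A one-line comment above the `su -m` line stating that `-m` is there so accounts with a nologin shell work with FreeBSD's su(1) would keep the intent clear for whoever next refreshes this patch.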
@@ -266,7 +266,7 @@
 myuid=`getuid`
 if [ "$myuid" = 0 ]; then
     # : A3
-    su $NETUSER `select_shell $NETUSER` -c \
+    su -m $NETUSER -c \
      "$find $NETPATHS $FINDOPTIONS \\( -type d -regex '$PRUNEREGEX' -prune \\) -o $print_option" ||
     exit $?
   else
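Review bot: `$NETUSER` is expanded unquoted in `su -m $NETUSER -c` at A3, and the visible context tests only `$myuid`, not that `$NETUSER` is non-empty. If it expands to nothing, `-c` ends up in front of the login name, where FreeBSD's su(1) reads it as its own login-class option instead of handing it to the shell. Writing `su -m "$NETUSER" -c` makes su see an empty login name in that case.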
@@ -319,7 +319,7 @@
 if test -n "$SEARCHPATHS"; then
   if [ "$LOCALUSER" != "" ]; then
     # : A5
-    su $LOCALUSER `select_shell $LOCALUSER` -c \
+    su -m $LOCALUSER -c \
     "$find $SEARCHPATHS $FINDOPTIONS \
      \( $prunefs_exp \
      -type d -regex '$PRUNEREGEX' \) -prune -o $print_option" || exit $?
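Review bot: `select_shell` is no longer called at A5, nor at the other three call sites this patch changes. If those four were its only callers, the helper remaining in updatedb.sh is dead code; either remove it in the same patch or say in the patch why it stays, so the divergence from upstream is deliberate and easy to re-apply on the next findutils update.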
@@ -335,7 +335,7 @@
   myuid=`getuid`
   if [ "$myuid" = 0 ]; then
     # : A7
-    su $NETUSER `select_shell $NETUSER` -c \
+    su -m $NETUSER -c \
      "$find $NETPATHS $FINDOPTIONS \\( -type d -regex '$PRUNEREGEX' -prune \\) -o $print_option" ||
     exit $?
   else
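Review bot: the PORTREVISION bump asked for in the Fix text is not part of this diff, which ends after the A7 hunk and touches only locate/updatedb.sh. The committer has to make that change to the port Makefile by hand, so it is worth including it as a second hunk or stating the new value explicitly.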
--- patch-locate__updatedb.sh ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted: