[Bug 289138] net/xrdp: Running the xrdp process as non root

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 27 Aug 2025 20:58:34 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289138

            Bug ID: 289138
           Summary: net/xrdp: Running the xrdp process as non root
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: meta@FreeBSD.org
          Reporter: eduardo@FreeBSD.org
             Flags: maintainer-feedback?(meta@FreeBSD.org)

It seems that Debian has patched xrdp to run as non root and I don't think we
need to follow that path and instead follow upstream recommended instructions:
https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root

In short, we can respect it with the following configs:

xrdp.ini:
runtime_user=_xrdp
runtime_group=_xrdp

sesman.ini:
SessionSockdirGroup=_xrdp

permissions [1]:
rsakeys.ini root:_xrdp 640
key.pem: _xrdp:_xrdp 400
cert.pem: _xrdp:_xrdp 400

There is a problem that I cannot solve: certs gen is happening in the pkg install
stage, so I can't find a way to change the required perms on the certs[2] files at
this point.

Questions:

Can we do certs gen in stage instead of the pkg install stage? This way the chown
and chmods are easily done, and this removes the pkg-install and pkg-deinstall
stages in the port.


[1] Need expertise here, this is my guess that we can respect upstream
recommended permissions

[2] After changing xrdp.ini and sesman.ini user and group, xrdp and xrdp-sesman
services will fail due to lack of those files' perms
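
A check for the settings and permissions listed in the report, as an added example (not part of the original bug report or of the xrdp port): it reads runtime_user, runtime_group and SessionSockdirGroup from the two ini files and compares rsakeys.ini, key.pem and cert.pem against the listed owners and modes. The config directory argument (for instance /usr/local/etc/xrdp) and all function names are assumptions.

```shell
#!/bin/sh
# Audit an xrdp config directory against the ownership and modes in the report.
# Assumption: the directory is passed as the first argument.

# Print "owner:group mode" for a file; tries GNU stat first, then BSD stat.
file_perms() {
    stat -c '%U:%G %a' "$1" 2>/dev/null || stat -f '%Su:%Sg %Lp' "$1" 2>/dev/null
}

# Print the value of an uncommented key=value line (last match, trimmed).
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Compare one file against the expected "owner:group" and octal mode.
check_entry() {
    actual=$(file_perms "$1") || { echo "MISSING $1"; return 1; }
    if [ "$actual" = "$2 $3" ]; then
        echo "OK      $1 ($actual)"
    else
        echo "BAD     $1 is '$actual', want '$2 $3'"
        return 1
    fi
}

# Run every check from the report; return non-zero if any of them fails.
audit_xrdp() {
    dir=$1; rc=0
    user=$(ini_value "$dir/xrdp.ini" runtime_user)
    group=$(ini_value "$dir/xrdp.ini" runtime_group)
    sockgrp=$(ini_value "$dir/sesman.ini" SessionSockdirGroup)
    [ -n "$user" ] && [ -n "$group" ] ||
        { echo "BAD     runtime_user/runtime_group unset in xrdp.ini"; rc=1; }
    [ "$sockgrp" = "$group" ] ||
        { echo "BAD     SessionSockdirGroup='$sockgrp', runtime_group='$group'"; rc=1; }
    check_entry "$dir/rsakeys.ini" "root:$group" 640 || rc=1
    check_entry "$dir/key.pem" "$user:$group" 400 || rc=1
    check_entry "$dir/cert.pem" "$user:$group" 400 || rc=1
    return $rc
}

# Only audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then audit_xrdp "$1"; exit $?; fi
```

Run as root with the config directory as the argument; a non-zero exit status means at least one file or setting differs from the values in the report.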
