Bug 77366

Summary: amavisd-new account creation patch
Product: Ports & Packages Reporter: Scott Balmos <scott.balmos>
Component: Individual Port(s)Assignee: Yen-Ming Lee <leeym>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description Scott Balmos 2005-02-10 23:20:17 UTC
The port of amavisd-new (security/amavisd-new) creates a user account and group, vscan/vscan, for Amavis to run under. However, the command to pw which creates the account does not specify a UID. Thus, the account is created using the next available normal user uid, not with a uid normally reserved in the "system account" space (uid/gid <1000). This can be annoying to systems set up with user account managers that do not use pw and /etc/master.password, and are shared across multiple servers (e.g. LDAP). vscan on one box could be 1002, on another box could be 1010, etc, depending on how many regular user accounts were created before the amavisd-new port was installed.

It would be better if the vscan user was created using an explicit "system account" uid/gid, such as uid/gid 102 (which doesn't seem to be used by any port that I know of).

Fix: Explicitly assign uid/gid 102 to vscan.
How-To-Repeat: Load a fresh FreeBSD box. Create a few normal user accounts (e.g. ones that are auto-assigned uid's, incrementing starting from uid 1000).

Install security/amavisd-new somewhere along the line.

pw usershow vscan and pw groupshow vscan. Note they are also given auto-assigned uid's.
Comment 1 Scott Balmos 2005-02-10 23:37:26 UTC
Oops... Mistake here. Didn't check Sect. 17.12 of the Porter's Handbook 
first. :(

New suggested uid/gid: 110

--- /usr/ports/security/amavisd-new/files/INSTALL.tmpl  Thu Aug 12 
08:44:03 2004
+++ INSTALL.tmpl        Thu Feb 10 18:17:39 2005
@@ -13,7 +13,7 @@
     if /usr/sbin/pw groupshow "${GROUP}" 2>/dev/null; then
        echo "You already have a group \"${GROUP}\", so I will use it."
     else
-       if /usr/sbin/pw groupadd ${GROUP} -h -
+       if /usr/sbin/pw groupadd ${GROUP} -h -g 102 -
        then
            echo "Added group \"${GROUP}\"."
        else
@@ -29,7 +29,8 @@
        if /usr/sbin/pw useradd ${USER} -g ${GROUP} -h - \
           -d ${DIR} \
           -s /bin/sh \
-          -c "Scanning Virus Account"
+          -c "Scanning Virus Account" \
+          -u 110
        then
            echo "Added user \"${USER}\"."
        else
Comment 2 Yen-Ming Lee freebsd_committer 2005-02-11 20:17:25 UTC
Responsible Changed
From-To: freebsd-ports-bugs->leeym

I will take care of this PR.
Comment 3 Yen-Ming Lee freebsd_committer 2005-02-11 20:19:10 UTC
Hi, maintainer,

Could you please take a look on this patch?
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/77366

regards,
-- 
Yen-Ming Lee [utf7:+Z05fZWYO] | KeyID:0x5EB52E51 | Taipei, Taiwan
Comment 4 Blaz Zupan 2005-02-13 12:12:02 UTC
> Could you please take a look on this patch?
> http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/77366

Approved. Don't forget to reserve the UIDs in the porters handbook and to 
increase the portrevision.
Comment 5 Yen-Ming Lee freebsd_committer 2005-02-13 21:07:49 UTC
State Changed
From-To: open->closed

Committed, thanks.