Bug 238559 - sysutils/bareos-client: installs passwordless
Summary: sysutils/bareos-client: installs passwordless
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Jose Alonso Cardenas Marquez
URL:
Keywords: needs-qa
Depends on:
Blocks:
 
Reported: 2019-06-14 10:56 UTC by O. Hartmann
Modified: 2019-06-14 11:06 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (acm)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description O. Hartmann 2019-06-14 10:56:14 UTC
Prts tree is at r504068. Installation of port sysutils/bareos-client installs a user on the local machine with a potential risc due to the lack of a password or an explicite account lock. vipw reveals after installation this row:

bareos::997:997::0:0:Bareos Daemon:/var/db/bareos:/usr/sbin/nologin

which should be

bareos:*:997:997::0:0:Bareos Daemon:/var/db/bareos:/usr/sbin/nologin

(the asterisk!).
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2019-06-14 11:06:59 UTC
This port only uses the ports framework provided method to add users/groups:

USERS=          bareos
GROUPS=         ${USERS}

As such it is unlikely an issue, but if so, an issue that would affect every port that uses it.

Further, note that the user account has the shell set to /usr/sbin/nologin

man 8 nologin shows:

DESCRIPTION
     The nologin utility displays a message that an account is not available
     and exits non-zero.  It is intended as a replacement shell field for
     accounts that have been disabled.