Bug 77366 - amavisd-new account creation patch
Status: Closed FIXED
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Yen-Ming Lee
 
Reported: 2005-02-10 23:20 UTC by Scott Balmos
Modified: 2005-02-13 21:07 UTC (History)

Attachments
file.diff (752 bytes, patch)
2005-02-10 23:20 UTC, Scott Balmos

Description Scott Balmos 2005-02-10 23:20:17 UTC
The port of amavisd-new (security/amavisd-new) creates a user account and group, vscan/vscan, for Amavis to run under. However, the command to pw which creates the account does not specify a UID. Thus, the account is created using the next available normal user uid, not with a uid normally reserved in the "system account" space (uid/gid <1000). This can be annoying to systems set up with user account managers that do not use pw and /etc/master.passwd, and are shared across multiple servers (e.g. LDAP). vscan on one box could be 1002, on another box could be 1010, etc., depending on how many regular user accounts were created before the amavisd-new port was installed.

It would be better if the vscan user was created using an explicit "system account" uid/gid, such as uid/gid 102 (which doesn't seem to be used by any port that I know of).

Fix: Explicitly assign uid/gid 102 to vscan.
How-To-Repeat: Load a fresh FreeBSD box. Create a few normal user accounts (e.g. ones that are auto-assigned uid's, incrementing starting from uid 1000).

Install security/amavisd-new somewhere along the line.

pw usershow vscan and pw groupshow vscan. Note they are also given auto-assigned uid's.
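
The drift described in the report, as an added example that is not part of the original bug report or the port: a POSIX sh audit that reads passwd(5)-format snapshots from several hosts and flags a service account whose uid is outside the system range (<1000, per the report) or differs between hosts. The function names, host file names, home directory and sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the bug report or the port).
SYSTEM_MAX=999   # system-account range per the report: uid/gid < 1000

# account_ids NAME FILE: print "uid gid" for NAME from a passwd(5)-format file.
account_ids() {
    awk -F: -v name="$1" '$1 == name { print $3, $4; exit }' "$2"
}

# audit_account NAME FILE...: print one finding per line; return 1 if any.
audit_account() {
    name=$1; shift
    first=""; rc=0
    for f in "$@"; do
        ids=$(account_ids "$name" "$f")
        if [ -z "$ids" ]; then
            echo "$f: $name missing"; rc=1; continue
        fi
        if [ "${ids%% *}" -gt "$SYSTEM_MAX" ]; then
            echo "$f: $name uid ${ids%% *} is outside the system range"; rc=1
        fi
        if [ -z "$first" ]; then
            first=$ids          # first host seen becomes the reference
        elif [ "$ids" != "$first" ]; then
            echo "$f: $name uid/gid '$ids' differs from '$first'"; rc=1
        fi
    done
    return "$rc"
}

# Constructed passwd snapshots: two hosts with auto-assigned ids, two fixed.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mk() { printf 'root:*:0:0:Charlie &:/root:/bin/csh\nvscan:*:%s:%s:Scanning Virus Account:/var/amavis:/bin/sh\n' "$2" "$2" > "$demo_dir/$1"; }
mk hostA 1002; mk hostB 1010; mk hostC 110; mk hostD 110

audit_account vscan "$demo_dir/hostA" "$demo_dir/hostB" || echo "drift found"
audit_account vscan "$demo_dir/hostC" "$demo_dir/hostD" && echo "hostC/hostD consistent"
```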
Comment 1 Scott Balmos 2005-02-10 23:37:26 UTC
Oops... Mistake here. Didn't check Sect. 17.12 of the Porter's Handbook first. :(

New suggested uid/gid: 110

--- /usr/ports/security/amavisd-new/files/INSTALL.tmpl  Thu Aug 12 
08:44:03 2004
+++ INSTALL.tmpl        Thu Feb 10 18:17:39 2005
@@ -13,7 +13,7 @@
     if /usr/sbin/pw groupshow "${GROUP}" 2>/dev/null; then
        echo "You already have a group \"${GROUP}\", so I will use it."
     else
-       if /usr/sbin/pw groupadd ${GROUP} -h -
+       if /usr/sbin/pw groupadd ${GROUP} -h -g 102 -
        then
            echo "Added group \"${GROUP}\"."
        else
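Review bot: In the added groupadd line, "-g 102" is placed between "-h" and the "-" that was its argument in the removed line ("-h -"), so "-h" now takes "-g" as its argument and "102 -" are left as stray words. Put the new option before "-h", keeping "-h -" together at the end of the command. The gid is also 102 here, while this same comment proposes 110 and the useradd hunk uses "-u 110"; both calls should use the same reserved number.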
@@ -29,7 +29,8 @@
        if /usr/sbin/pw useradd ${USER} -g ${GROUP} -h - \
           -d ${DIR} \
           -s /bin/sh \
-          -c "Scanning Virus Account"
+          -c "Scanning Virus Account" \
+          -u 110
        then
            echo "Added user \"${USER}\"."
        else
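Review bot: The "-u 110" on the last added line is a bare literal that already disagrees with the "-g 102" in the groupadd hunk; define the id once in a variable next to ${USER} and ${GROUP} and pass it to both pw calls so uid and gid cannot drift apart. Nothing in this hunk checks whether uid 110 is already taken, so on such a host pw useradd fails into the else branch that follows; that branch should name the uid conflict so the administrator knows why the account was not created.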
Comment 2 Yen-Ming Lee freebsd_committer 2005-02-11 20:17:25 UTC
Responsible Changed
From-To: freebsd-ports-bugs->leeym

I will take care of this PR.
Comment 3 Yen-Ming Lee freebsd_committer 2005-02-11 20:19:10 UTC
Hi, maintainer,

Could you please take a look at this patch?
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/77366

regards,
-- 
Yen-Ming Lee [李彥明] | KeyID:0x5EB52E51 | Taipei, Taiwan
Comment 4 Blaz Zupan 2005-02-13 12:12:02 UTC
> Could you please take a look at this patch?
> http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/77366

Approved. Don't forget to reserve the UIDs in the Porter's Handbook and to increase the portrevision.
Comment 5 Yen-Ming Lee freebsd_committer 2005-02-13 21:07:49 UTC
State Changed
From-To: open->closed

Committed, thanks.