From: Brooks Davis
Date: Thu, 13 Dec 2012 10:00:38 -0600
To: "Robert N. M. Watson"
Cc: "O. Hartmann", FreeBSD Current, Ryan Stone
Subject: Re: Distributed audit daemon committed (was: svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd (fwd))

On Sun, Dec 02, 2012 at 03:43:22PM +0000, Robert N. M. Watson wrote:
>
> On 2 Dec 2012, at 15:34, Ryan Stone wrote:
>
> > On Sun, Dec 2, 2012 at 8:05 AM, Robert Watson wrote:
> >
> > Just to follow up on this thread, since the question has come up a
> > number of times. "mergemaster -p" should be run prior to installworld
> > always, but most of the time will do very little. One of its
> > responsibilities is to add any necessary accounts and groups depended
> > on by base system components -- e.g., that will be referenced during
> > installworld as part of setting file ownership and groups.
> >
> > I often use "make installworld installkernel distribution DESTDIR=..."
> > to create bootable images (e.g. for a USB stick). What's the
> > recommendation for that case? Manually create the auditdistd user on
> > the build host?
>
> Yes, that's probably the best short-term bet.
>
> In the longer term, it would be nice if installworld could not only
> generate an mtree on the side rather than directly chmod/chowning the
> files (Brooks Davis has patches for this), but also use UIDs/GIDs from
> a user database directly rather than assuming that the host where you
> are constructing the image has the same notion of users and groups.
> This is especially important if we want to support cross-building
> embedded images from Linux, Mac OS X, etc, in the future.
>

One useful feature of NetBSD's install is that we can use passwd and
group databases other than the one in /. You would obviously use this
when doing an unprivileged install, but you might also want to do it for
a privileged install as well which would fix this bootstrapping problem.

-- Brooks
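
The alternate-database lookup discussed in this thread, as an added example (not code from the thread, from NetBSD's install or from FreeBSD's installworld): owner and group names are resolved against a chosen passwd/group database, so a build host that lacks the auditdistd user shows up as an unresolved entry instead of a failed or wrong chown. The sample databases, the numeric ids, the paths and the function names `load_ids` and `resolve` are constructed for illustration.

```python
# Added example: resolve install-time owners against a chosen passwd/group
# database instead of the build host's. All sample data below is constructed;
# the numeric ids and the paths are placeholders, not real FreeBSD values.

BUILD_HOST_PASSWD = "root:*:0:0:Charlie &:/root:/bin/sh\n"
BUILD_HOST_GROUP = "wheel:*:0:root\n"

TARGET_PASSWD = BUILD_HOST_PASSWD + (
    "auditdistd:*:9001:9001:constructed entry:/var/empty:/usr/sbin/nologin\n"
)
TARGET_GROUP = BUILD_HOST_GROUP + "audit:*:9001:\n"

# (path, owner name, group name) as an install step would request them.
ENTRIES = [
    ("etc/example.conf", "root", "wheel"),
    ("var/example/auditdistd-data", "auditdistd", "audit"),
]


def load_ids(text):
    """Map name -> numeric id; passwd(5) and group(5) both keep it in field 3."""
    ids = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 3 or not fields[2].isdigit():
            continue  # comment, blank or malformed line
        ids.setdefault(fields[0], int(fields[2]))  # first entry for a name wins
    return ids


def resolve(entries, passwd_text, group_text):
    """Return (resolved, unresolved) for entries against the given databases."""
    users, groups = load_ids(passwd_text), load_ids(group_text)
    resolved, unresolved = [], []
    for path, owner, group in entries:
        if owner in users and group in groups:
            resolved.append((path, users[owner], groups[group]))
        else:
            unresolved.append((path, owner, group))
    return resolved, unresolved


if __name__ == "__main__":
    for label, pw, gr in (("build host", BUILD_HOST_PASSWD, BUILD_HOST_GROUP),
                          ("target image", TARGET_PASSWD, TARGET_GROUP)):
        ok, bad = resolve(ENTRIES, pw, gr)
        print(label, "resolved:", ok, "unresolved:", bad)
```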