Date:      Wed, 22 May 2002 18:56:29 -0500 (CDT)
From:      "Scot W. Hetzel" <hetzels@westbend.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/38434: security/cyrus-sasl: Don't set a shell for the cyrus user
Message-ID:  <200205222356.g4MNuT4u098865@wbiW009.westbend.net>


>Number:         38434
>Category:       ports
>Synopsis:       security/cyrus-sasl: Don't set a shell for the cyrus user
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 22 17:00:06 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Scot W. Hetzel
>Release:        FreeBSD 4.5-STABLE i386
>Organization:
West Bend Internet
>Environment:
System:

FreeBSD wbiW009.westbend.net 4.5-STABLE FreeBSD 4.5-STABLE #7: Wed Apr 24 10:46:07 CDT 2002     root@wbiW009.westbend.net:/usr/obj/usr/src/sys/GENERIC-SMP  i386


>Description:

	In PR 38363, pkg-install was changed to specify a shell (/sbin/csh) for
	the cyrus user.  The shell was assigned because the cyrus-imapd ports
	require the cyrus user to have a shell in order to use the cyrus-imapd
	utilities that work on the imapd spool.

	This has caused concern from the other users of the cyrus-sasl port, who
	don't want/need a shell assigned to this user.

>How-To-Repeat:
	Install Postfix w/SASL support, a shell is now given to the cyrus user.

>Fix:
	The attached patch reverts cyrus-sasl to the previous behavior. Two PRs for the
	mail/cyrus & mail/cyrus-imapd ports will be submitted shortly.

	Changed Files:
	    pkg-deinstall
	    pkg-install

Index: pkg-deinstall
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/pkg-deinstall,v
retrieving revision 1.4
diff -u -r1.4 pkg-deinstall
--- pkg-deinstall	21 May 2002 15:08:58 -0000	1.4
+++ pkg-deinstall	22 May 2002 23:15:14 -0000
@@ -28,6 +28,9 @@
 	if pw usershow cyrus 2>/dev/null 1>&2; then
 		echo "To delete Cyrus user permanently, use 'pw userdel cyrus'"
 	fi
+	if pw groupshow cyrus 2>/dev/null 1>&2; then
+		echo "To delete Cyrus group permanently, use 'pw groupdel cyrus'"
+	fi
 
 }
 
Index: pkg-install
===================================================================
RCS file: /home/ncvs/ports/security/cyrus-sasl/pkg-install,v
retrieving revision 1.7
diff -u -r1.7 pkg-install
--- pkg-install	21 May 2002 15:08:58 -0000	1.7
+++ pkg-install	22 May 2002 19:58:09 -0000
@@ -18,51 +18,57 @@
 #
 
 create_user() {
-	if [ ! -x /usr/sbin/pw ]; then
-		echo "*** Please add a user and a group named \`cyrus' before installing this package."
-		exit 69
-	fi
+	USER=cyrus
+	GROUP=cyrus
+	PW=/usr/sbin/pw 
+
+	if [ -x /sbin/nologin ]; then   
+		shell=/sbin/nologin   
+	else   
+		shell=/nonexistent   
+	fi 
+	uhome="/nonexistent"
 
-	if ! pw show group cyrus -q >/dev/null; then
+	if ! ${PW} show group ${GROUP} -q >/dev/null; then
 		gid=60
-		while pw show group -g ${gid} -q >/dev/null; do
+		while ${PW} show group -g ${gid} -q >/dev/null; do
 			gid=`expr ${gid} + 1`
 		done
-		if ! pw add group cyrus -g ${gid}; then
+		if ! ${PW} add group ${GROUP} -g ${gid}; then
 			e=$?
-			echo "*** Failed to add group \`cyrus'. Please add it manually."
+			echo "*** Failed to add group \`${GROUP}'. Please add it manually."
 			exit ${e}
 		fi
-		echo "*** Added group \`cyrus' (id ${gid})"
+		echo "*** Added group \`${GROUP}' (id ${gid})"
 	else
-		gid=`pw show group cyrus 2>/dev/null | cut -d: -f3`
+		gid=`${PW} show group ${GROUP} 2>/dev/null | cut -d: -f3`
 	fi
 
-	if ! pw show user cyrus -q >/dev/null; then
+	if ! ${PW} show user ${USER} -q >/dev/null; then
 		uid=60
-		while pw show user -u ${uid} -q >/dev/null; do
+		while ${PW} show user -u ${uid} -q >/dev/null; do
 			uid=`expr ${uid} + 1`
 		done
-		if ! pw add user cyrus -u ${uid} -g ${gid} -d "${PKG_PREFIX}/cyrus" \
-				-c "the cyrus mail server" -s "/bin/csh" -p "*" \
+		if ! ${PW} add user ${USER} -u ${uid} -g ${gid} -d "${uhome}" \
+				-c "the cyrus mail server" -s "${shell}" -p "*" \
 				; then
 			e=$?
-			echo "*** Failed to add user \`cyrus'. Please add it manually."
+			echo "*** Failed to add user \`${USER}'. Please add it manually."
 			exit ${e}
 		fi
-		echo "*** Added user \`cyrus' (id ${uid})"
+		echo "*** Added user \`${USER}' (id ${uid})"
 	else
-		if ! pw mod user cyrus -g ${gid} -d "${PKG_PREFIX}/cyrus" \
-				-c "the cyrus mail server" -s "/bin/csh" -p "*" \
+		if ! ${PW} mod user ${USER} -g ${gid} -d "${uhome}" \
+				-c "the cyrus mail server" -s "${shell}" -p "*" \
 				; then
 			e=$?
-			echo "*** Failed to update user \`cyrus'."
+			echo "*** Failed to update user \`${USER}'."
 			exit ${e}
 		fi
-		echo "*** Updated user \`cyrus'."
+		echo "*** Updated user \`${USER}'."
 	fi
-	if ! pw group mod cyrus -m daemon; then
-		echo "*** can't add user \`daemon' to group \`cyrus'"
+	if ! ${PW} group mod ${USER} -m daemon; then
+		echo "*** can't add user \`${USER}' to group \`${GROUP}'"
 	fi
 }
 
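Review bot: The final membership step of create_user passes `${USER}` where a group name is expected, and its failure message now names the wrong account: the member being added is still `daemon`, so the call should read `if ! ${PW} group mod ${GROUP} -m daemon; then` and the message should keep `daemon` as the user and `${GROUP}` as the group. It only works because both variables currently hold `cyrus`. Separately, each `e=$?` inside an `if ! ${PW} …; then` branch captures the status of the negated test, which is 0, so `exit ${e}` reports success when the account could not be created or updated; running the command and handling failure with `|| { e=$?; …; exit ${e}; }` would preserve the real status. With the `-x` check on pw removed, a missing `${PW}` now reaches that path, so the install can apparently finish with exit 0 and no cyrus account locked to `${shell}`. Assigning `USER` also overwrites the login environment variable of the same name; a script-private name such as `cyrus_user` would avoid that.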
>Release-Note:
>Audit-Trail:
>Unformatted:




