Date: Wed, 27 Mar 2002 22:06:15 +0100
From: Thomas Seck <tmseck@netcologne.de>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/36386: www/squid24 might overwrite perms on log and cache dir during update
Message-ID: <20020327210615.GA16989@laurel.seck.home>
>Number: 36386
>Category: ports
>Synopsis: www/squid24 might overwrite perms on log and cache dir during update
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Mar 27 13:10:02 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Thomas Seck
>Release: FreeBSD 4.5-STABLE i386
>Organization: private site in Germany
>Environment:
System: FreeBSD laurel.seck.home 4.5-STABLE FreeBSD 4.5-STABLE #3: Mon Mar 18 21:00:57 CET 2002 tmseck@hardy.seck.home:/usr/obj/usr/src/sys/LAUREL i386
>Description:
The installation of squid 2.4 ends with the creation of the log and cache dir in ${PREFIX}/squid/logs and ${PREFIX}/squid/cache. When these directories have been created, a chown nobody:nogroup is done. The script does not check whether these directories already exist and will thus enforce the aforementioned permission even when doing an update. This will unfortunately break an updated installation where the squid process does not run under the 'nobody' account but a dedicated 'squid' account.
>How-To-Repeat:
Install squid 2.4. Configure it so that it uses a dedicated account other than nobody. Do not place the dedicated account in the 'nogroup' group. Do a chmod $squid_account:$squid_group on the log and cache directory and change the permissions on these directories to 750. Stop squid, then deinstall and reinstall it via the ports. Start squid and see it barf about not being able to write into the abovementioned dirs.
>Fix:
Do not try to create the log and cache directory if they already exist.
Especially, do not try to be smarter than the administrator regarding permissions on these directories :) The patch: Index: /usr/ports/www/squid24/Makefile =================================================================== RCS file: /home/ncvs/ports/www/squid24/Makefile,v retrieving revision 1.89 diff -u -r1.89 Makefile --- /usr/ports/www/squid24/Makefile 22 Mar 2002 00:19:55 -0000 1.89 +++ /usr/ports/www/squid24/Makefile 27 Mar 2002 20:29:54 -0000 @@ -111,10 +111,14 @@ strip ${PREFIX}/libexec/${file} ; \ fi .endfor - ${MKDIR} ${PREFIX}/squid/logs - ${CHOWN} nobody:nogroup ${PREFIX}/squid/logs - ${MKDIR} ${PREFIX}/squid/cache - ${CHOWN} nobody:nogroup ${PREFIX}/squid/cache + if [ ! -d ${PREFIX}/squid/logs ] ; then \ + ${MKDIR} ${PREFIX}/squid/logs ; \ + ${CHOWN} nobody:nogroup ${PREFIX}/squid/logs ; \ + fi + if [ ! -d ${PREFIX}/squid/cache ] ; then \ + ${MKDIR} ${PREFIX}/squid/cache ; \ + ${CHOWN} nobody:nogroup ${PREFIX}/squid/cache ; \ + fi @if [ ! -f ${PREFIX}/etc/rc.d/squid.sh ]; then \ ${ECHO} "Installing ${PREFIX}/etc/rc.d/squid.sh startup file."; \ ${INSTALL_SCRIPT} -m 751 ${FILESDIR}/squid.sh ${PREFIX}/etc/rc.d/squid.sh; \ >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
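Review bot: the new `if [ ! -d ${PREFIX}/squid/logs ]` and `if [ ! -d ${PREFIX}/squid/cache ]` guards only preserve the administrator's ownership when both directories are still present at reinstall time, and this hunk changes nothing on the deinstall side, so it is worth confirming that the deinstall step in How-To-Repeat leaves them in place; if it removes them, the reinstall takes the `${MKDIR}`/`${CHOWN} nobody:nogroup` branch again and the reported breakage returns. Two smaller points in the same lines: the two blocks differ only in the directory name and could be a single `for d in logs cache` loop, and they lack the `@` prefix used by the `@if [ ! -f ${PREFIX}/etc/rc.d/squid.sh ]` block that follows, so make will echo them during install. Since `nobody:nogroup` now applies to fresh installs only, a one-line comment saying that existing directories are deliberately left untouched would keep a later cleanup from reintroducing the unconditional chown.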