From owner-freebsd-ports Wed Mar 27 13:10:59 2002
Delivered-To: freebsd-ports@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 3245737B423 for ; Wed, 27 Mar 2002 13:10:05 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g2RLA2F39064; Wed, 27 Mar 2002 13:10:02 -0800 (PST) (envelope-from gnats)
Received: from smtp.netcologne.de (smtp.netcologne.de [194.8.194.112]) by hub.freebsd.org (Postfix) with ESMTP id 3CD1337B41C for ; Wed, 27 Mar 2002 13:07:17 -0800 (PST)
Received: from xdsl-213-168-108-220.netcologne.de (xdsl-213-168-108-220.netcologne.de [213.168.108.220]) by smtp.netcologne.de (8.12.2/8.12.2) with ESMTP id g2RL7BJp027586 for ; Wed, 27 Mar 2002 22:07:12 +0100 (MET)
Received: (qmail 17037 invoked by uid 1001); 27 Mar 2002 21:06:15 -0000
Message-Id: <20020327210615.GA16989@laurel.seck.home>
Date: Wed, 27 Mar 2002 22:06:15 +0100
From: Thomas Seck
Reply-To: Thomas Seck
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: ports/36386: www/squid24 might overwrite perms on log and cache dir during update
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 36386
>Category: ports
>Synopsis: www/squid24 might overwrite perms on log and cache dir during update
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Mar 27 13:10:02 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Thomas Seck
>Release: FreeBSD 4.5-STABLE i386
>Organization: private site in Germany
>Environment:
System: FreeBSD laurel.seck.home 4.5-STABLE FreeBSD 4.5-STABLE #3: Mon Mar 18 21:00:57 CET 2002 tmseck@hardy.seck.home:/usr/obj/usr/src/sys/LAUREL i386

>Description:
The installation of squid 2.4 ends with the creation of the log and cache dir in ${PREFIX}/squid/logs and ${PREFIX}/squid/cache. When these directories have been created, a chown nobody:nogroup is done. The script does not check whether these directories already exist and will thus enforce the aforementioned permission even when doing an update. This will unfortunately break an updated installation where the squid process does not run under the 'nobody' account but a dedicated 'squid' account.

>How-To-Repeat:
Install squid 2.4. Configure it so that it uses a dedicated account other than nobody. Do not place the dedicated account in the 'nogroup' group. Do a chmod $squid_account:$squid_group on the log and cache directory and change the permissions on these directories to 750. Stop squid, then deinstall and reinstall it via the ports. Start squid and see it barf about not being able to write into the above-mentioned dirs.

>Fix:
Do not try to create the log and cache directory if they already exist. Especially, do not try to be smarter than the administrator regarding permissions on these directories :)

The patch:

Index: /usr/ports/www/squid24/Makefile =================================================================== RCS file: /home/ncvs/ports/www/squid24/Makefile,v retrieving revision 1.89 diff -u -r1.89 Makefile --- /usr/ports/www/squid24/Makefile 22 Mar 2002 00:19:55 -0000 1.89 +++ /usr/ports/www/squid24/Makefile 27 Mar 2002 20:29:54 -0000 @@ -111,10 +111,14 @@ strip ${PREFIX}/libexec/${file} ; \ fi .endfor - ${MKDIR} ${PREFIX}/squid/logs - ${CHOWN} nobody:nogroup ${PREFIX}/squid/logs - ${MKDIR} ${PREFIX}/squid/cache - ${CHOWN} nobody:nogroup ${PREFIX}/squid/cache + if [ ! -d ${PREFIX}/squid/logs ] ; then \ + ${MKDIR} ${PREFIX}/squid/logs ; \ + ${CHOWN} nobody:nogroup ${PREFIX}/squid/logs ; \ + fi + if [ ! -d ${PREFIX}/squid/cache ] ; then \ + ${MKDIR} ${PREFIX}/squid/cache ; \ + ${CHOWN} nobody:nogroup ${PREFIX}/squid/cache ; \ + fi @if [ ! -f ${PREFIX}/etc/rc.d/squid.sh ]; then \ ${ECHO} "Installing ${PREFIX}/etc/rc.d/squid.sh startup file."; \ ${INSTALL_SCRIPT} -m 751 ${FILESDIR}/squid.sh ${PREFIX}/etc/rc.d/squid.sh; \

>Release-Note:
>Audit-Trail:
>Unformatted:
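
Review bot: In both added `if [ ! -d ... ]` blocks, `${MKDIR}` and `${CHOWN}` are chained with `;`, so the shell runs the chown even when the mkdir failed and make only sees the exit status of the last command; in the removed lines each command was its own recipe line, and a failure stopped the install at that point. Chaining them as `${MKDIR} ${PREFIX}/squid/logs && ${CHOWN} nobody:nogroup ${PREFIX}/squid/logs` (and the same for `cache`) keeps a failed directory creation from being masked. The added lines also lack the leading `@` that the following `@if [ ! -f ${PREFIX}/etc/rc.d/squid.sh ]` block uses, so the whole compound command is echoed during install. The `-d` test checks existence only: an existing directory keeps whatever owner and mode the administrator set, which is the intent of the PR, but a fresh install still gets the literal `nobody:nogroup`. Taking owner and group from make variables instead of the literal would cover sites that run squid under a dedicated account from the first install.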