Date: 27 Jul 2006 01:42:40 -0000 From: andrew@arda.homeunix.net To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/100900: New port: security/courieruserinfo A utility for retrieving user account information. Message-ID: <20060727014240.87009.qmail@arda.homeunix.net> Resent-Message-ID: <200607270150.k6R1oF93067159@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 100900 >Category: ports >Synopsis: New port: security/courieruserinfo A utility for retrieving user account information. >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Jul 27 01:50:14 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Andrew St. Jean >Release: FreeBSD 5.4-RELEASE i386 >Organization: >Environment: System: FreeBSD lorien.arda.homeunix.net 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Thu Mar 2 22:54:06 EST 2006 root@lorien.arda.homeunix.net:/usr/src/sys/i386/compile/LORIEN540 i386 >Description: courieruserinfo is a utility for retrieving user account information. Account information is accessed through the courier-authlib authentication library. WWW: http://www.arda.homeunix.net/store/ >How-To-Repeat: >Fix: # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # /usr/ports/security/courieruserinfo/ # /usr/ports/security/courieruserinfo/Makefile # /usr/ports/security/courieruserinfo/pkg-plist # /usr/ports/security/courieruserinfo/pkg-message # /usr/ports/security/courieruserinfo/pkg-descr # /usr/ports/security/courieruserinfo/distinfo # echo c - /usr/ports/security/courieruserinfo/ mkdir -p /usr/ports/security/courieruserinfo/ > /dev/null 2>&1 echo x - /usr/ports/security/courieruserinfo/Makefile sed 's/^X//' >/usr/ports/security/courieruserinfo/Makefile << 'END-of-/usr/ports/security/courieruserinfo/Makefile' XPORTNAME= courieruserinfo XPORTVERSION= 1.1.2 XCATEGORIES= security mail XMASTER_SITES= http://www.arda.homeunix.net/store/ X XMAINTAINER= andrew@arda.homeunix.net XCOMMENT= User account information retrieval utility X XBUILD_DEPENDS= courierauthconfig:${PORTSDIR}/security/courier-authlib-base XRUN_DEPENDS= courierauthconfig:${PORTSDIR}/security/courier-authlib-base X XGNU_CONFIGURE= yes XUSE_GMAKE= yes XCPPFLAGS+= -I${LOCALBASE}/include XLDFLAGS+= -L${LOCALBASE}/lib XCONFIGURE_ENV= CPPFLAGS='${CPPFLAGS}' LDFLAGS='${LDFLAGS}' X XCONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL} X XMAN8= courieruserinfo.8 X Xpost-install: X.if !defined(NOPORTDOCS) X ${MKDIR} ${DOCSDIR} X ${INSTALL_DATA} ${WRKSRC}/AUTHORS ${DOCSDIR} X ${INSTALL_DATA} ${WRKSRC}/ChangeLog ${DOCSDIR} X ${INSTALL_DATA} ${WRKSRC}/COPYING ${DOCSDIR} X ${INSTALL_DATA} ${WRKSRC}/INSTALL ${DOCSDIR} X ${INSTALL_DATA} ${WRKSRC}/NEWS ${DOCSDIR} X ${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR} X.endif X @${CAT} ${PKGMESSAGE} X X.include <bsd.port.mk> END-of-/usr/ports/security/courieruserinfo/Makefile echo x - /usr/ports/security/courieruserinfo/pkg-plist sed 's/^X//' >/usr/ports/security/courieruserinfo/pkg-plist << 'END-of-/usr/ports/security/courieruserinfo/pkg-plist' Xsbin/courieruserinfo X%%PORTDOCS%%%%DOCSDIR%%/AUTHORS X%%PORTDOCS%%%%DOCSDIR%%/ChangeLog X%%PORTDOCS%%%%DOCSDIR%%/COPYING X%%PORTDOCS%%%%DOCSDIR%%/INSTALL X%%PORTDOCS%%%%DOCSDIR%%/NEWS X%%PORTDOCS%%%%DOCSDIR%%/README X%%PORTDOCS%%@dirrm %%DOCSDIR%% END-of-/usr/ports/security/courieruserinfo/pkg-plist echo x - /usr/ports/security/courieruserinfo/pkg-message sed 's/^X//' >/usr/ports/security/courieruserinfo/pkg-message << 'END-of-/usr/ports/security/courieruserinfo/pkg-message' X X######################################################################### XNOTES FOR RUNNING COURIERUSERINFO X XIn order to use courieruserinfo, it must be able to access the Xauthdaemon domain socket, named 'socket'. When courieruserinfo runs as Xroot, this presents no problem. However, if you need to run courieruserinfo Xas a non-root user, you have three options, all of which require some Xmanual work. X XOption 1: Add the user courieruserinfo will run as to the group that Xowns the authdaemon socket directory in /etc/group. More than one user Xcan be added to the group vector in this way. This arrangement works Xwell if courieruserinfo will be run by only a small number of users. XIf the authdaemon socket directory is owned by courier:courier and you Xrun courieruserinfo as user vmail, your /etc/group file will have a line Xsomething like this: X X courier:x:465:vmail X XOption 2: Some programs, such as tcpserver, allow you to separately set Xthe uid and gid of programs they call but don't honour the group vector Xfound in /etc/group. If you invoke courieruserinfo from such a program, Xset the gid to the group ownership of the authdaemon socket directory. X XOption 3: Change the permissions on courieruserinfo to set gid to the Xgroup ownership of the socket directory. Again, if the socket directory Xis owned by courier:courier, change the ownership and permissions Xof courieruserinfo like so: X X chgrp courier courieruserinfo X chmod g+s courieruserinfo X XBe aware that this will allow any user on the system to access user Xaccount information through courieruserinfo. X XTo mitigate possible security risks posed by running courieruserinfo Xsetgid, courieruserinfo cannot retrieve passwords. X XThe location of the authdaemon domain socket is listed in the Xauthdaemonrc configuration file as the parameter authdaemonvar. X X######################################################################### X END-of-/usr/ports/security/courieruserinfo/pkg-message echo x - /usr/ports/security/courieruserinfo/pkg-descr sed 's/^X//' >/usr/ports/security/courieruserinfo/pkg-descr << 'END-of-/usr/ports/security/courieruserinfo/pkg-descr' Xcourieruserinfo is a utility for retrieving user account information. XAccount information is accessed through the courier-authlib authentication Xlibrary. X XWWW: http://www.arda.homeunix.net/store/ END-of-/usr/ports/security/courieruserinfo/pkg-descr echo x - /usr/ports/security/courieruserinfo/distinfo sed 's/^X//' >/usr/ports/security/courieruserinfo/distinfo << 'END-of-/usr/ports/security/courieruserinfo/distinfo' XMD5 (courieruserinfo-1.1.2.tar.gz) = 38efe36ba1cd6a85985b21cde23a7a03 XSHA256 (courieruserinfo-1.1.2.tar.gz) = 8a3667fc90241ee40af7eb92552ca7d38f38a926beb3124c9e1ea8b7d00d0037 XSIZE (courieruserinfo-1.1.2.tar.gz) = 283493 END-of-/usr/ports/security/courieruserinfo/distinfo exit >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060727014240.87009.qmail>