From owner-freebsd-ports-bugs@FreeBSD.ORG Fri Sep 26 10:10:23 2003 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 20EBD16A4B3 for ; Fri, 26 Sep 2003 10:10:23 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F6164402A for ; Fri, 26 Sep 2003 10:10:15 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h8QHAFFY042211 for ; Fri, 26 Sep 2003 10:10:15 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h8QHAEd7042209; Fri, 26 Sep 2003 10:10:15 -0700 (PDT) (envelope-from gnats) Resent-Date: Fri, 26 Sep 2003 10:10:15 -0700 (PDT) Resent-Message-Id: <200309261710.h8QHAEd7042209@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Oliver Eikemeier Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9350E16A4B3 for ; Fri, 26 Sep 2003 10:05:19 -0700 (PDT) Received: from mx2.fillmore-labs.com (lima.fillmore-labs.com [62.138.193.83]) by mx1.FreeBSD.org (Postfix) with ESMTP id 204DF44005 for ; Fri, 26 Sep 2003 10:05:18 -0700 (PDT) (envelope-from eikemeier@fillmore-labs.com) Received: from pd958a37e.dip.t-dialin.net ([217.88.163.126] helo=fillmore-labs.com ident=5tp1ioo39hhs3ukh) by mx2.fillmore-labs.com with asmtp (TLSv1:AES256-SHA:256) (Exim 4.24; FreeBSD 4.9) id 1A2w1s-0001yG-T7 for FreeBSD-gnats-submit@FreeBSD.org; Fri, 26 Sep 2003 19:05:17 +0200 Message-Id: <3F7471C9.2000606@fillmore-labs.com> Date: Fri, 26 Sep 2003 19:05:13 +0200 From: Oliver Eikemeier To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/57256: port security/clamav: should not issue rmuser -y on deinstall X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Sep 2003 17:10:23 -0000 >Number: 57256 >Category: ports >Synopsis: port security/clamav: should not issue rmuser -y on deinstall >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Sep 26 10:10:14 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Oliver Eikemeier >Release: FreeBSD 5.1-CURRENT i386 >Organization: Fillmore Labs - http://www.fillmore-labs.com >Environment: System: FreeBSD nuuk.fillmore-labs.com 5.1-CURRENT >Description: PR 53305 added @unexec rmuser -y clamav to pkg-plist. This deletes the clamav user and any additional files. This should *only* happen on complete deinstalls, with user confirmation, *never* on upgrades. The clamav user is subsequently re-added, with a possible different user id. Any other group memberships are lost, i.e. if clamav has been added to the group 'mail' it isn't after an upgrade. If I integrated clamav in exim following Sheldon Hearns excellent instructions (${PREFIX}/share/doc/exim/POST-INSTALL-NOTES.clamd in the exim port) my mail server will stop working as a result of the upgrade. A changing user id implies that clamav can't access /var/run/clamav and create a socket there. >How-To-Repeat: # portupgrade -f 'clamav-*' ---> Uninstalling the old version ---> Deinstalling 'clamav-0.60_1' ---> Preserving /usr/local/lib/libclamav.so.1 as /usr/local/lib/compat/pkg/libclamav.so.1 pkg_delete: '/usr/local/share/clamav/viruses.db' fails original MD5 checksum - deleted anyway. pkg_delete: '/usr/local/share/clamav/viruses.db2' fails original MD5 checksum - deleted anyway. /usr/sbin/rmuser: Informational: Home /nonexistent is not a directory, so it won't be removed Killed process(es) belonging to clamav. Updating password file, updating databases, done. Updating group file: mail (removing group clamav -- personal group is empty) done. Removing files belonging to clamav from /tmp: done. Removing files belonging to clamav from /var/tmp: done. Removing files belonging to clamav from /var/tmp/vi.recover: done. [Updating the pkgdb in /var/db/pkg ... - 91 packages found (-1 +0) (...) done] ---> Installing the new version via the port ===> Installing for clamav-0.60_2 [...] ===> Creating custom user to run clamav... /bin/sh /usr/ports/security/clamav/pkg-install clamav-0.60_2 PRE-INSTALL => Added group "clamav". => Added user "clamav". >Fix: Remove @unexec rmuser -y clamav from pkg-plist. If necessary, add a message in pkg-deinstall, telling the user to do this step manually. >Release-Note: >Audit-Trail: >Unformatted: