Date: Wed, 11 Apr 2018 13:01:27 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r467046 - in branches/2018Q2/net-mgmt/py-pdagent: . files Message-ID: <201804111301.w3BD1RlZ079885@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Wed Apr 11 13:01:27 2018 New Revision: 467046 URL: https://svnweb.freebsd.org/changeset/ports/467046 Log: MFH: r466569 r466572 net-mgmt/py-pdagent: Add dedicated user/group - Also add pkg-message informing how to permit users and services access net/py-pdagent: Further increase security Limit access to alert data files which could hold sensitive information PR: 227273 Added: branches/2018Q2/net-mgmt/py-pdagent/pkg-message - copied unchanged from r466569, head/net-mgmt/py-pdagent/pkg-message Modified: branches/2018Q2/net-mgmt/py-pdagent/Makefile branches/2018Q2/net-mgmt/py-pdagent/files/pdagentd.in Directory Properties: branches/2018Q2/ (props changed) Modified: branches/2018Q2/net-mgmt/py-pdagent/Makefile ============================================================================== --- branches/2018Q2/net-mgmt/py-pdagent/Makefile Wed Apr 11 12:45:34 2018 (r467045) +++ branches/2018Q2/net-mgmt/py-pdagent/Makefile Wed Apr 11 13:01:27 2018 (r467046) @@ -4,6 +4,7 @@ PORTNAME= pdagent PORTVERSION= 1.4 DISTVERSIONPREFIX=v +PORTREVISION= 2 CATEGORIES= net-mgmt python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -25,6 +26,9 @@ GH_ACCOUNT= PagerDuty SUB_LIST+= PYTHON_CMD="${PYTHON_CMD}" BINFILES= pd-queue pd-send pdagentd.py + +USERS= pdagent +GROUPS= pdagent do-patch: ${REINPLACE_CMD} -e 's|/var/lib/pdagent|/var/db/pdagent|' -e 's|/etc|${ETCDIR}|' ${WRKSRC}/pdagent/confdirs.py Modified: branches/2018Q2/net-mgmt/py-pdagent/files/pdagentd.in ============================================================================== --- branches/2018Q2/net-mgmt/py-pdagent/files/pdagentd.in Wed Apr 11 12:45:34 2018 (r467045) +++ branches/2018Q2/net-mgmt/py-pdagent/files/pdagentd.in Wed Apr 11 13:01:27 2018 (r467046) @@ -20,8 +20,8 @@ rcvar=pdagentd_enable load_rc_config $name : ${pdagentd_enable="NO"} -: ${pdagentd_user:="nobody"} -: ${pdagentd_group:="nogroup"} +: ${pdagentd_user:="pdagent"} +: ${pdagentd_group:="pdagent"} pidfile="/var/run/pdagent/pdagentd.pid" command="%%PREFIX%%/bin/pdagentd.py" @@ -34,15 +34,13 @@ pdagent_mkdirs="/var/db/pdagent /var/db/pdagent/outque pdagentd_precmd() { for i in ${pdagent_mkdirs}; do - install -d -o ${pdagentd_user} -g ${pdagentd_group} -m 775 ${i} + install -d -o ${pdagentd_user} -g ${pdagentd_group} -m 770 ${i} done - if [ ! -d /var/log/pdagent ]; then - install -d -o ${pdagentd_user} /var/log/pdagent - fi - if [ ! -d /var/run/pdagent ]; then - install -d -o ${pdagentd_user} /var/run/pdagent - fi + chown -R ${pdagentd_user}:${pdagentd_group} /var/db/pdagent + + install -d -o ${pdagentd_user} /var/log/pdagent + install -d -o ${pdagentd_user} /var/run/pdagent } run_rc_command "$1" Copied: branches/2018Q2/net-mgmt/py-pdagent/pkg-message (from r466569, head/net-mgmt/py-pdagent/pkg-message) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q2/net-mgmt/py-pdagent/pkg-message Wed Apr 11 13:01:27 2018 (r467046, copy of r466569, head/net-mgmt/py-pdagent/pkg-message) @@ -0,0 +1,6 @@ +!!! NOTICE !!! + +You must add the required users and service accounts to the pdagent +group to permit write access to /var/db/pdagent. + +!!! NOTICE !!!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201804111301.w3BD1RlZ079885>