Date: Thu, 13 Dec 2012 10:00:38 -0600 From: Brooks Davis <brooks@freebsd.org> To: "Robert N. M. Watson" <rwatson@freebsd.org> Cc: "O. Hartmann" <ohartman@zedat.fu-berlin.de>, FreeBSD Current <freebsd-current@freebsd.org>, Ryan Stone <rysto32@gmail.com> Subject: Re: Distributed audit daemon committed (was: svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd (fwd)) Message-ID: <20121213160038.GE40927@lor.one-eyed-alien.net> In-Reply-To: <0857C6CA-31DF-441D-B30E-F7DB2492C213@freebsd.org> References: <alpine.BSF.2.00.1212011512410.34256@fledge.watson.org> <50BA7158.1040302@fgznet.ch> <CADLo83-SJMdu7jagH-Ac_Ooc-LahDtL%2BEF-cRHiWsS9u64sxsA@mail.gmail.com> <50BB136F.4040509@zedat.fu-berlin.de> <alpine.BSF.2.00.1212021302390.55169@fledge.watson.org> <CAFMmRNzu==GZ0-EPdB9Wz5MSnu=cvJUtd4_-wsPSxqykxTFySw@mail.gmail.com> <0857C6CA-31DF-441D-B30E-F7DB2492C213@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--zaRBsRFn0XYhEU69 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Dec 02, 2012 at 03:43:22PM +0000, Robert N. M. Watson wrote: >=20 > On 2 Dec 2012, at 15:34, Ryan Stone wrote: >=20 > > On Sun, Dec 2, 2012 at 8:05 AM, Robert Watson <rwatson@freebsd.org> wro= te: > >=20 > > Just to follow up on this thread, since the question has come up a numb= er of times. "mergemaser -p" should be run prior to installworld always, b= ut most of the time will do very little. One of its responsibilities is to= add any necessary accounts and groups depended on by base system component= s -- e.g., that will be referenced during installworld as part of setting f= ile ownership and groups. > >=20 > > I often use "make installworld installkernel distribution DESTDIR=3D...= " to create bootable images (e.g. for a USB stick). What's the recommendat= ion for that case? Manually create the auditdistd user on the build host? >=20 > Yes, that's probably the best short-term bet. >=20 > In the longer term, it would be nice of installworld could not only gener= ate an mtree on the side rather than directly chmod/chowning the files (Bro= oks Davis has patches for this), but also use UIDs/GIDs from a user databas= e directly rather than assuming that the host where you are constructing th= e image has the same notion of users and groups. This is especially importa= nt if we want to support cross-building embedded images from Linux, Mac OS = X, etc, in the future. >=20 One useful feature of NetBSD's install is that we can use passwd and group databases other than the one in /. You would obviously use this when doing an unprivileged install, but you might also want to do it for a privileged install as well which would fix this bootstrapping problem. -- Brooks --zaRBsRFn0XYhEU69 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iD8DBQFQyfumXY6L6fI4GtQRAmGZAKCd0T5MftevJmM44yWAYXRMDL89CQCfb0dk wVRJpCNCZHf/qRTwnFJx68g= =TdhV -----END PGP SIGNATURE----- --zaRBsRFn0XYhEU69--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121213160038.GE40927>