Date: Fri, 15 Jul 2022 09:00:12 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 265230] sysutils/nomad: pkg install creates default datadir with insecure permissions
Message-ID: <bug-265230-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265230

            Bug ID: 265230
           Summary: sysutils/nomad: pkg install creates default datadir with insecure permissions
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: jhixson@FreeBSD.org
          Reporter: grembo@FreeBSD.org
          Assignee: jhixson@FreeBSD.org
             Flags: maintainer-feedback?(jhixson@FreeBSD.org)

Created attachment 235266
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=235266&action=edit
Change homedir of nomad user to /nonexistent

Since bug #264425 nomad only starts if its datadir has secure permissions (700).

The port's default datadir is /var/tmp/nomad, which also happens to be its user's home directory. Therefore installing the package always creates a default datadir with permissions too loose to actually start the service.

I see various options to correct this:

1. Change port installation to change permissions of /var/tmp/nomad (not so nice)
2. Change data dir to be under /var/tmp/nomad, e.g., /var/tmp/nomad/data
   Clean, but might cause breakage on update
3. Change home of nomad user to /nonexistent

As far as I can tell, 3. has the least impact (other hashicorp users like vault do the same). So the attached patch changes UIDs to change nomad's homedir.

I ran some local tests with it and things seem to be fine. So unless there was a very specific reason to have a real HOME for the nomad user, I would suggest to go with the attached patch.

-- 
You are receiving this mail because:
You are the assignee for the bug.
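
Added example, not part of the original report or of the port: a shell audit for the condition the report describes, a service datadir that is open to group/other or doubles as the account's home directory. The function names, the "no group/other bits" reading of 700, and the passwd line in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a service data directory for loose permissions and
# for being reused as the service account's home directory.

# Print the six group/other permission characters of $1 (e.g. "r-xr-x").
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Return 0 only if $1 is a directory that grants nothing to group or other.
datadir_is_private() {
    [ -d "$1" ] || return 2
    [ "$(group_other_bits "$1")" = "------" ]
}

# Print the home directory (field 6) of user $1 in passwd-format file $2.
home_of() {
    awk -F: -v u="$1" '$1 == u { print $6 }' "$2"
}

# Audit datadir $1 for user $2 against passwd file $3 (default /etc/passwd).
audit_datadir() {
    dir=$1; user=$2; passwd=${3:-/etc/passwd}
    status=0
    if ! datadir_is_private "$dir"; then
        echo "FAIL: $dir is missing or accessible to group/other"
        status=1
    fi
    if [ "$(home_of "$user" "$passwd")" = "$dir" ]; then
        echo "WARN: $dir is also the home directory of $user"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $dir"
    return "$status"
}

# Constructed demo: a mode-755 directory that is also the account's home,
# then the same directory after chmod 700 with the home moved to /nonexistent.
demo=$(mktemp -d)
mkdir "$demo/nomad" && chmod 755 "$demo/nomad"
printf 'nomad:*:1000:1000:constructed:%s:/usr/sbin/nologin\n' "$demo/nomad" > "$demo/passwd"
audit_datadir "$demo/nomad" nomad "$demo/passwd" || true
chmod 700 "$demo/nomad"
printf 'nomad:*:1000:1000:constructed:/nonexistent:/usr/sbin/nologin\n' > "$demo/passwd"
audit_datadir "$demo/nomad" nomad "$demo/passwd" || true
rm -rf "$demo"
```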