Date: Wed, 20 Sep 2006 16:06:53 +0900 From: Hirohisa Yamaguchi <umq@ueo.co.jp> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/103417: [maintainer] mail/dkim-milter to run as a non-privileged user Message-ID: <86k63zggoi.wl%umq@ueo.co.jp> Resent-Message-ID: <200609200710.k8K7AJVN002853@freefall.freebsd.org>
>Number: 103417 >Category: ports >Synopsis: [maintainer] mail/dkim-milter to run as a non-privileged user >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Wed Sep 20 07:10:19 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Hirohisa Yamaguchi >Release: FreeBSD 7.0-CURRENT amd64 >Organization: <organization of PR author (multiple lines)> >Environment: System: FreeBSD calliope.****.org 7.0-CURRENT FreeBSD 7.0-CURRENT #2: Fri Sep 1 13:15:27 JST 2006 root@calliope.****.org:/usr/obj/usr/src/sys/CALLIOPE64 amd64 >Description: for some reasons, milter processes are recommended to run as non-privileged users. And mail/dkim-milter does not. >How-To-Repeat: N/A >Fix: The patch follows. Changes in this patch: + add new file pkg-install to create a user "dkimfilter" + make a directory under /var/run owned by the user to run and the default file and sock have moved into the directory + fix multiple-instantiation failure in recent OSVERSION ports/103404 is also open for now.
diff -Npru ports.orig/mail/dkim-milter/Makefile ports/mail/dkim-milter/Makefile
--- ports.orig/mail/dkim-milter/Makefile Wed Aug 2 11:47:05 2006
+++ ports/mail/dkim-milter/Makefile Wed Sep 20 12:35:28 2006
@@ -74,6 +74,7 @@ post-install:
 ${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR}
 .endfor
 .endif
+ @${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
 @${CAT} ${PKGMESSAGE}
 .include <bsd.port.post.mk>
diff -Npru ports.orig/mail/dkim-milter/files/milter-dkim.sh.in ports/mail/dkim-milter/files/milter-dkim.sh.in
--- ports.orig/mail/dkim-milter/files/milter-dkim.sh.in Tue May 2 00:05:44 2006
+++ ports/mail/dkim-milter/files/milter-dkim.sh.in Wed Sep 20 15:35:59 2006
@@ -15,6 +15,7 @@
 #
 # milterdkim_enable (bool): Set to "NO" by default.
 # Set it to "YES" to enable dkim-milter
+# milterdkim_uid (str): Set username to run milter.
 # milterdkim_profiles (list): Set to "" by default.
 # Define your profiles here.
 # milterdkim_socket (str): Path to the milter socket.
@@ -30,6 +31,7 @@
 # DO NOT CHANGE THESE DEFAULT VALUES HERE
 #
 milterdkim_enable=${milterdkim_enable:-"NO"}
+milterdkim_uid=${milterdkim_uid:-"dkimfilter"}
 milterdkim_profiles=${milterdkim_profiles:-}
 milterdkim_socket=${milterdkim_socket:-"local:/var/run/milterdkim/filter.sock"}
 milterdkim_domain=${milterdkim_domain:-"example.com"}
@@ -45,17 +47,17 @@ name="milterdkim"
 rcvar=`set_rcvar`
 start_precmd="dkim_prepcmd"
-stop_postcmd="dkim_prepcmd"
+stop_postcmd="dkim_postcmd"
 command="%%PREFIX%%/libexec/dkim-filter"
-_pidprefix="/var/run/dkim-filter"
-pidfile="${_pidprefix}.pid"
+_piddir="/var/run/milterdkim"
+pidfile="${_piddir}/pid"
 load_rc_config $name
 if [ -n "$2" ]; then
 profile="$2"
 if [ "x${milterdkim_profiles}" != "x" ]; then
-pidfile="${_pidprefix}.${profile}.pid"
+pidfile="${_piddir}/${profile}.pid"
 eval milterdkim_enable="\${milterdkim_${profile}_enable:-${milterdkim_enable}}"
 eval milterdkim_socket="\${milterdkim_${profile}_socket:-}"
 if [ "x${milterdkim_socket}" = "x" ];then
@@ -65,7 +67,7 @@ if [ -n "$2" ]; then
 eval milterdkim_domain="\${milterdkim_${profile}_domain:-${milterdkim_domain}}"
 eval milterdkim_key="\${milterdkim_${profile}_key:-${milterdkim_key}}"
 eval milterdkim_flags="\${milterdkim_${profile}_flags:-${milterdkim_flags}}"
-command_args="-l -p ${milterdkim_socket} -P ${pidfile}"
+command_args="-l -p ${milterdkim_socket} -u ${milterdkim_uid} -P ${pidfile}"
 else
 echo "$0: extra argument ignored"
 fi
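Review bot: The new header comment for milterdkim_uid omits the default value, unlike the milterdkim_enable and milterdkim_profiles entries beside it, and the name suggests a numeric id while the default set in the next hunk is the user name "dkimfilter". I'd write it in the same shape as its neighbours: `# milterdkim_uid (str): Set to "dkimfilter" by default.` followed by `# User the filter drops privileges to (passed to dkim-filter -u).` Note also that, unlike the other settings, no per-profile `milterdkim_${profile}_uid` override is evaluated later in the script, so all profiles share this one account; that is reasonable but worth a word in the comment.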
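Review bot: pidfile now lives under ${_piddir}, which dkim_prepcmd later in this patch chowns to ${milterdkim_uid}, so the file rc.subr reads the PID from for stop and status is writable by the unprivileged filter process; that is inherent to a daemon that writes its pidfile after dropping privileges, but the old root-owned location did not have this property and the change deserves a comment. As far as I remember, rc.subr only signals a PID whose process name matches `command`, which limits what a tampered pidfile could achieve to other dkim-filter instances — worth confirming against the rc.subr the port targets. I'd put `# Owned by ${milterdkim_uid} (see dkim_prepcmd) so the filter can create its socket and pidfile after dropping privileges; rc.subr trusts the PID stored here.` above the `_piddir=` line.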
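Review bot: `-u ${milterdkim_uid}` is appended unconditionally to command_args here and again in the `@@ -88,7 +90,7 @@` hunk, while dkim_prepcmd in the last hunk guards its chown with `[ -n "${milterdkim_uid}" ]`; because the default is set with `${milterdkim_uid:-"dkimfilter"}`, an empty value is replaced by the default, so that guard can never be false and there is no way for an administrator to opt out of the privilege drop. Either drop the dead guard and document that the account is mandatory, or, if an opt-out is intended, set the default with `${milterdkim_uid-"dkimfilter"}` and build the flag in both places as `[ -n "${milterdkim_uid}" ] && command_args="${command_args} -u ${milterdkim_uid}"`, since an empty value in the current form would presumably make dkim-filter take `-P` as the user name. The `if [ -n "$2" ]` block this hunk sits in starts before the hunk.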
@@ -74,7 +76,7 @@ else
 if [ "x$1" != "xrestart" ]; then
 for profile in ${milterdkim_profiles}; do
 echo "===> milterdkim profile: ${profile}"
-%%PREFIX%%/etc/rc.d/milter-dkim.sh $1 ${profile}
+$0 $1 ${profile}
 retcode="$?"
 if [ "0${retcode}" -ne 0 ]; then
 failed="${profile} (${retcode}) ${failed:-}"
@@ -88,7 +90,7 @@ else
 fi
 else
 milterdkim_flags=${milterdkim_flags}
-command_args="-l -p ${milterdkim_socket} -P ${pidfile}"
+command_args="-l -p ${milterdkim_socket} -u ${milterdkim_uid} -P ${pidfile}"
 fi
 fi
@@ -99,6 +101,24 @@ dkim_prepcmd ()
 elif [ -S ${milterdkim_socket##unix:} ] ; then
 rm -f ${milterdkim_socket##unix:}
 fi
+ if [ -d ${_piddir} ] ; then
+ return;
+ fi
+ mkdir -p ${_piddir}
+ if [ -n "${milterdkim_uid}" ] ; then
+ chown ${milterdkim_uid} ${_piddir}
+ fi
+}
+
+dkim_postcmd()
+{
+ if [ -S ${milterdkim_socket##local:} ] ; then
+ rm -f ${milterdkim_socket##local:}
+ elif [ -S ${milterdkim_socket##unix:} ] ; then
+ rm -f ${milterdkim_socket##unix:}
+ fi
+ # just if the directory is empty
+ rmdir ${_piddir} > /dev/null 2>&1
 }
 run_rc_command "$1"
diff -Npru ports.orig/mail/dkim-milter/pkg-install ports/mail/dkim-milter/pkg-install
--- ports.orig/mail/dkim-milter/pkg-install Thu Jan 1 09:00:00 1970
+++ ports/mail/dkim-milter/pkg-install Wed Sep 20 11:32:54 2006
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+if [ "$2" != "POST-INSTALL" ]
+then
+ exit 0;
+fi
+
+# check if dkimfilter user exists
+pw user show dkimfilter > /dev/null 2>&1
+
+if [ $? != 0 ]
+then
+ echo "===> Adding user dkimfilter"
+ pw useradd dkimfilter -c "milter-dkim" -s /sbin/nologin \
+ -d /nonexistent
+else
+ echo "===> Using existing user dkimfilter"
+fi
>Release-Note: >Audit-Trail: >Unformatted:
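Review bot: In the `@@ -99,6 +101,24 @@` hunk the early `return` taken when ${_piddir} already exists also skips the chown, so a directory left over root-owned (a previous manual run, or a system that pre-creates it) stays root-owned and the filter, now running as ${milterdkim_uid}, cannot create its socket or pidfile there and start fails; drop the three lines `if [ -d ${_piddir} ] ; then` / `return;` / `fi` and let `mkdir -p` and the chown run every time, both being idempotent. dkim_postcmd repeats the socket-removal branch from dkim_prepcmd verbatim; moving it into a small helper both functions call would keep the two from drifting apart. The opening lines of dkim_prepcmd, including its own socket check, are outside this hunk.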
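Review bot: In the new pkg-install the result of `pw useradd` is not checked, so a failed account creation leaves the package install reporting success while every later `start` fails on `-u dkimfilter`; append `|| exit 1` to the `pw useradd` command so the install fails loudly instead. The existence test reads more directly as `if ! pw user show dkimfilter > /dev/null 2>&1; then` than as a separate `$?` comparison. The script handles only POST-INSTALL, and nothing in this patch removes the account, so a top-of-file comment such as `# POST-INSTALL only: creates the dkimfilter account; it is left in place on deinstall.` would save the next reader a look through the Makefile.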