Unprivileged FILES_SUBST for rc.d scripts

To: pkgsrc-users%NetBSD.org@localhost
Subject: Unprivileged FILES_SUBST for rc.d scripts
From: Frederic Fauberteau <triaxx%NetBSD.org@localhost>
Date: Wed, 23 Dec 2020 15:57:00 +0100

Maybe there is something I did not quite understand and I apologize for that. I installed databases/postgresql13-server from an unprivileged bootstrapped pkgsrc. In rc.d/pgsql file, there is  a pgsql_initdb function that contains this part of code:
    /bin/mkdir -p -p ${pgsql_home}
    true ${pgsql_user} ${pgsql_home}
    true ${pgsql_group} ${pgsql_home}
    /bin/chmod 0700 ${pgsql_home}
that corresponds to the file substitution of:
    @MKDIR@ -p ${pgsql_home}
    @CHOWN@ ${pgsql_user} ${pgsql_home}
    @CHGRP@ ${pgsql_group} ${pgsql_home}
    @CHMOD@ 0700 ${pgsql_home}
whereas in a privileged /usr/pkg tree, the resulting code is:
    /bin/mkdir -p -p ${pgsql_home}
    /usr/sbin/chown ${pgsql_user} ${pgsql_home}
    /usr/bin/chgrp ${pgsql_group} ${pgsql_home}
    /bin/chmod 0700 ${pgsql_home}
If I try to start this service as root, ${pgsql_home} is created with root permissions and ${pgsql_user} cannot initialize its databases due to permission denied. If I try to start this service as ${pgsql_user}, I get the following error message:
ulimit: error setting limit (Operation not permitted)

Could '/usr/sbin/service pgsql start' be run by unprivileged user? If not, maybe @CHOWN@/@CHGRP@ could be substituated by chown/chgrp in the case of rc.d scripts.

Follow-Ups:
- Re: Unprivileged FILES_SUBST for rc.d scripts
  - From: Greg Troxel

Prev by Date: multimedia/mpv configure fails on netbsd-9/i386
Next by Date: Build stuck in lang/mozjs78
Previous by Thread: multimedia/mpv configure fails on netbsd-9/i386
Next by Thread: Re: Unprivileged FILES_SUBST for rc.d scripts
Indexes:

Home | Main Index | Thread Index | Old Index