Frederic Fauberteau <triaxx%NetBSD.org@localhost> writes:
> Maybe there is something I did not quite understand and I apologize
> for that. I installed databases/postgresql13-server from an
> unprivileged bootstrapped pkgsrc. In rc.d/pgsql file, there is a
> pgsql_initdb function that contains this part of code:
> /bin/mkdir -p -p ${pgsql_home}
> true ${pgsql_user} ${pgsql_home}
> true ${pgsql_group} ${pgsql_home}
> /bin/chmod 0700 ${pgsql_home}
> that corresponds to the file substitution of:
> @MKDIR@ -p ${pgsql_home}
> @CHOWN@ ${pgsql_user} ${pgsql_home}
> @CHGRP@ ${pgsql_group} ${pgsql_home}
> @CHMOD@ 0700 ${pgsql_home}
> whereas in a privileged /usr/pkg tree, the resulting code is:
> /bin/mkdir -p -p ${pgsql_home}
> /usr/sbin/chown ${pgsql_user} ${pgsql_home}
> /usr/bin/chgrp ${pgsql_group} ${pgsql_home}
> /bin/chmod 0700 ${pgsql_home}
That's a very interesting question.
An unprivileged pkgsrc cannot add new users and groups to the system.
So why are they there, unless you also have a privileged install?
With an unprivileged install, running daemons that are suid or start as
root and setuid to some specific uid, and use permissions schemes, don't
really make 100% sense. I can see the "build package as user and
install as root" approach, but that's not what unpriv pkgsrc install is.
How did the rc.d file get installed? To where?
What do you think should happen? Why?
My only guesses other than "don't do that" are
all the user/group should be nobody, but then how do programs separate
there should be no setuid, and you should only runs these programs
under the uid that owns the install
Attachment:
signature.asc
Description: PGP signature