pkg/31959: make databases/openldap run as non-root

To: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/31959: make databases/openldap run as non-root
From: Geert Hendrickx <ghen%telenet.be@localhost>
Date: Mon, 31 Oct 2005 18:30:00 +0000 (UTC)

>Number:         31959
>Category:       pkg
>Synopsis:       make databases/openldap run as non-root
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Oct 31 18:30:00 +0000 2005
>Originator:     Geert Hendrickx
>Release:        NetBSD 2.1
>Organization:
        
>Environment:
        
        
System: NetBSD mantis 2.1 NetBSD 2.1 (MANTIS) #0: Fri Oct 28 15:48:15 CEST 2005 
geert@mantis:/cvs/obj/sys/arch/i386/compile/MANTIS i386
Architecture: i386
Machine: i386
>Description:
        
OpenLDAP can perfectly run as non-root.  The patch below makes it run as an 
unprivileged user.
>How-To-Repeat:
        
>Fix:
        
Index: Makefile
===================================================================
RCS file: /pub/NetBSD-CVS/pkgsrc/databases/openldap/Makefile,v
retrieving revision 1.102
diff -u -r1.102 Makefile
--- Makefile    26 Oct 2005 15:08:13 -0000      1.102
+++ Makefile    31 Oct 2005 17:33:29 -0000
@@ -18,11 +18,18 @@
 GNU_CONFIGURE=         yes
 TEST_TARGET=           test
 
+LDAP_USER?=            ldap
+LDAP_GROUP?=           ldap
+
+PKG_GROUPS=            ${LDAP_GROUP}
+PKG_USERS=             ${LDAP_USER}:${LDAP_GROUP}::LDAP\ 
user:${OPENLDAP_VARDIR}
+
 MAKE_ENV+=             LIBMODE=${LIBMODE}
 OPENLDAP_ETCDIR=       ${PKG_SYSCONFDIR}/openldap
 OPENLDAP_MODULEDIR=    ${PREFIX}/lib/openldap
 OPENLDAP_VARDIR=       ${VARBASE}/openldap
 FILES_SUBST+=          OPENLDAP_ETCDIR=${OPENLDAP_ETCDIR:Q}
+FILES_SUBST+=          LDAP_USER=${LDAP_USER}
 
 .include "../../mk/bsd.prefs.mk"
 .include "options.mk"
@@ -54,8 +61,8 @@
 # SLAPD (stackable) overlays
 CONFIGURE_ARGS+=       --enable-overlays
 
-OPENLDAP_FILEPERMS=    ${ROOT_USER} ${ROOT_GROUP} 0600
-OPENLDAP_DIRPERMS=     ${ROOT_USER} ${ROOT_GROUP} 0700
+OPENLDAP_FILEPERMS=    ${LDAP_USER} ${LDAP_GROUP} 0600
+OPENLDAP_DIRPERMS=     ${LDAP_USER} ${LDAP_GROUP} 0700
 
 USE_PKGINSTALL=                yes
 EGDIR=                 ${PREFIX}/share/examples/openldap
Index: files/slapd.sh
===================================================================
RCS file: /pub/NetBSD-CVS/pkgsrc/databases/openldap/files/slapd.sh,v
retrieving revision 1.7
diff -u -r1.7 slapd.sh
--- files/slapd.sh      26 Oct 2005 15:08:13 -0000      1.7
+++ files/slapd.sh      31 Oct 2005 17:33:29 -0000
@@ -12,6 +12,7 @@
 name="slapd"
 rcvar=${name}
 command="@PREFIX@/libexec/${name}"
+command_args="-u @LDAP_USER@"
 required_files="@OPENLDAP_ETCDIR@/${name}.conf"
 
 load_rc_config $name
Index: files/slurpd.sh
===================================================================
RCS file: /pub/NetBSD-CVS/pkgsrc/databases/openldap/files/slurpd.sh,v
retrieving revision 1.3
diff -u -r1.3 slurpd.sh
--- files/slurpd.sh     26 Oct 2005 15:08:13 -0000      1.3
+++ files/slurpd.sh     31 Oct 2005 17:33:29 -0000
@@ -12,6 +12,7 @@
 name="slurpd"
 rcvar=${name}
 command="@PREFIX@/libexec/${name}"
+command_args="-u @LDAP_USER@"
 required_files="@OPENLDAP_ETCDIR@/slapd.conf"
 required_vars="slapd"
 

>Unformatted:

Prev by Date: pkg/31958: imap-uw doesn't work with IMAP_UW_MAILSPOOLHOME as advertized
Next by Date: pkg/31960: Add iODBC support to databases/openldap
Previous by Thread: pkg/31958: imap-uw doesn't work with IMAP_UW_MAILSPOOLHOME as advertized
Next by Thread: pkg/31960: Add iODBC support to databases/openldap
Indexes:

Home | Main Index | Thread Index | Old Index