Subject: pkg/31959: make databases/openldap run as non-root
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Geert Hendrickx <ghen@telenet.be>
List: pkgsrc-bugs
Date: 10/31/2005 18:30:00
>Number:         31959
>Category:       pkg
>Synopsis:       make databases/openldap run as non-root
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Oct 31 18:30:00 +0000 2005
>Originator:     Geert Hendrickx
>Release:        NetBSD 2.1
>Organization:
	
>Environment:
	
	
System: NetBSD mantis 2.1 NetBSD 2.1 (MANTIS) #0: Fri Oct 28 15:48:15 CEST 2005 geert@mantis:/cvs/obj/sys/arch/i386/compile/MANTIS i386
Architecture: i386
Machine: i386
>Description:
	
OpenLDAP can perfectly run as non-root.  The patch below makes it run as an unprivileged user.
>How-To-Repeat:
	
>Fix:
	
Index: Makefile
===================================================================
RCS file: /pub/NetBSD-CVS/pkgsrc/databases/openldap/Makefile,v
retrieving revision 1.102
diff -u -r1.102 Makefile
--- Makefile	26 Oct 2005 15:08:13 -0000	1.102
+++ Makefile	31 Oct 2005 17:33:29 -0000
@@ -18,11 +18,18 @@
 GNU_CONFIGURE=		yes
 TEST_TARGET=		test
 
+LDAP_USER?=		ldap
+LDAP_GROUP?=		ldap
+
+PKG_GROUPS=		${LDAP_GROUP}
+PKG_USERS=		${LDAP_USER}:${LDAP_GROUP}::LDAP\ user:${OPENLDAP_VARDIR}
+
 MAKE_ENV+=		LIBMODE=${LIBMODE}
 OPENLDAP_ETCDIR=	${PKG_SYSCONFDIR}/openldap
 OPENLDAP_MODULEDIR=	${PREFIX}/lib/openldap
 OPENLDAP_VARDIR=	${VARBASE}/openldap
 FILES_SUBST+=		OPENLDAP_ETCDIR=${OPENLDAP_ETCDIR:Q}
+FILES_SUBST+=		LDAP_USER=${LDAP_USER}
 
 .include "../../mk/bsd.prefs.mk"
 .include "options.mk"
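Review bot: the new FILES_SUBST line passes ${LDAP_USER} unquoted while the line directly above it uses ${OPENLDAP_ETCDIR:Q}, and the two new user-settable variables LDAP_USER and LDAP_GROUP get no comment saying what they control. Suggest FILES_SUBST+= LDAP_USER=${LDAP_USER:Q} for consistency, plus a one-line comment above the ?= defaults. PKG_USERS also refers to ${OPENLDAP_VARDIR} a few lines before that variable is assigned; make expands it lazily so it works, but moving the PKG_GROUPS/PKG_USERS block below the OPENLDAP_VARDIR assignment would read more clearly.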
@@ -54,8 +61,8 @@
 # SLAPD (stackable) overlays
 CONFIGURE_ARGS+=	--enable-overlays
 
-OPENLDAP_FILEPERMS=	${ROOT_USER} ${ROOT_GROUP} 0600
-OPENLDAP_DIRPERMS=	${ROOT_USER} ${ROOT_GROUP} 0700
+OPENLDAP_FILEPERMS=	${LDAP_USER} ${LDAP_GROUP} 0600
+OPENLDAP_DIRPERMS=	${LDAP_USER} ${LDAP_GROUP} 0700
 
 USE_PKGINSTALL=		yes
 EGDIR=			${PREFIX}/share/examples/openldap
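Review bot: OPENLDAP_FILEPERMS and OPENLDAP_DIRPERMS now hand ownership to the daemon account for everything they are applied to, and the hunk does not show which files and directories that is. If the same pair covers the configuration under OPENLDAP_ETCDIR as well as the database directory, a compromised slapd could rewrite its own configuration. Consider splitting the pair: keep configuration owned by ${ROOT_USER} with group ${LDAP_GROUP} and a group-readable mode, and give ${LDAP_USER} ownership only of the data under OPENLDAP_VARDIR. Existing installations already have these paths owned by root with 0700/0600, so the upgrade needs a chown step or an install note, otherwise slapd started with -u will not be able to open them.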
Index: files/slapd.sh
===================================================================
RCS file: /pub/NetBSD-CVS/pkgsrc/databases/openldap/files/slapd.sh,v
retrieving revision 1.7
diff -u -r1.7 slapd.sh
--- files/slapd.sh	26 Oct 2005 15:08:13 -0000	1.7
+++ files/slapd.sh	31 Oct 2005 17:33:29 -0000
@@ -12,6 +12,7 @@
 name="slapd"
 rcvar=${name}
 command="@PREFIX@/libexec/${name}"
+command_args="-u @LDAP_USER@"
 required_files="@OPENLDAP_ETCDIR@/${name}.conf"
 
 load_rc_config $name
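Review bot: command_args="-u @LDAP_USER@" hard-codes the account in the script instead of in the flags the admin controls from rc.conf. rc.subr appends command_args after ${name}_flags, so a site that already passes -u in slapd_flags ends up with two -u options on the command line. Suggest providing "-u @LDAP_USER@" as the default value of slapd_flags after load_rc_config, so the unprivileged account is the default but can still be changed without editing the script.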
Index: files/slurpd.sh
===================================================================
RCS file: /pub/NetBSD-CVS/pkgsrc/databases/openldap/files/slurpd.sh,v
retrieving revision 1.3
diff -u -r1.3 slurpd.sh
--- files/slurpd.sh	26 Oct 2005 15:08:13 -0000	1.3
+++ files/slurpd.sh	31 Oct 2005 17:33:29 -0000
@@ -12,6 +12,7 @@
 name="slurpd"
 rcvar=${name}
 command="@PREFIX@/libexec/${name}"
+command_args="-u @LDAP_USER@"
 required_files="@OPENLDAP_ETCDIR@/slapd.conf"
 required_vars="slapd"
 
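Review bot: command_args="-u @LDAP_USER@" is copied from slapd.sh, but nothing in this patch shows that slurpd accepts -u; please check slurpd(8) before committing, because an unrecognised option would stop the daemon from starting. The script also lists @OPENLDAP_ETCDIR@/slapd.conf in required_files, so if slurpd does run as LDAP_USER, the ownership change to OPENLDAP_FILEPERMS in the Makefile has to leave that file readable to it.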

>Unformatted: