Subject: Re: Package-specific users and groups & unprivileged builds
To: None <>
From: Joerg Sonnenberger <>
List: tech-pkg
Date: 06/17/2007 22:42:31
On Fri, Jun 15, 2007 at 07:20:44PM -0400, Johnny C. Lam wrote:
> The following diff does two things:
> (1) It adds two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
>  These two variables are lists of other bmake
>     variables that define package-specific users and groups.  Packages
>     that have user-settable variables for users and groups, e.g. apache
>     and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
>     etc.  should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
>     so that can know to set them to ${UNPRIVILEGED_USER}
> (2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
> Thoughts?

This can break the security model of applications and the user account
in general with setuid binaries. This should be carefully kept in