On Fri, Jun 15, 2007 at 07:20:44PM -0400, Johnny C. Lam wrote:
> The following diff does two things:
> 
> (1) It adds two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
>     unprivileged.mk.  These two variables are lists of other bmake
>     variables that define package-specific users and groups.  Packages
>     that have user-settable variables for users and groups, e.g. apache
>     and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
>     etc.  should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
>     so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
>     and ${UNPRIVILEGED_GROUP}.
> 
> (2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
> 
> Thoughts?

This can break the security model of applications and the user account
in general with setuid binaries. This should be carefully kept in
mind...

Joerg