Subject: Re: Package-specific users and groups & unprivileged builds
To: None <>
From: Johnny C. Lam <>
List: tech-pkg
Date: 06/18/2007 09:30:23
Joerg Sonnenberger wrote:
> On Fri, Jun 15, 2007 at 07:20:44PM -0400, Johnny C. Lam wrote:
>> The following diff does two things:
>> (1) It adds two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
>>  These two variables are lists of other bmake
>>     variables that define package-specific users and groups.  Packages
>>     that have user-settable variables for users and groups, e.g. apache
>>     and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
>>     etc.  should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
>>     so that can know to set them to ${UNPRIVILEGED_USER}
>> (2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
>> Thoughts?
> This can break the security model of applications and the user account
> in general with setuid binaries. This should be carefully kept in
> mind...

This is why I had the separate proposal for unprivileged pkgsrc with 
regards to set-id binaries.


	-- Johnny Lam <>