On Sun, Nov 20, 2005 at 01:02:22PM +0100, Manuel Bouyer wrote:
> On Sat, Nov 19, 2005 at 07:06:02PM +0100, Pavel Cahyna wrote:
> > > I'm not sure tar hardcode uid/gid, I think it uses user/group names instead
> > > (but this is from memory and I didn't test, I may be wrong here).
> > 
> > Then, what happened when extracting the sets, if tar didn't find the name?
> 
> tar silently defaults to root:wheel (or whatever uid/gid tar is running under)

I just looked to the system where I did the install, and saw that for
those files, tar (pax, actually) chose the "correct" UID and GID, not
root:wheel.

So IMHO if those UIDs or GIDs were in use by another user or group, I
would end with a system with setgid binaries owned by a group different
that intended. If I chose a random UID/GID whwn creating those
special users and groups, I would end with files owned by nonexistent
users or groups. Is this correct?

(I know the "official" way to upgrade is to use sysinst, but don't see how
it would helped, if sysinst just calls postinstall.)

The files in question are:
-r-xr-sr-x  1 root     smmsp     632130 Nov  8 08:20 ./usr/libexec/sendmail/sendmail
-r-sr-sr-x  1 root     authpf     18698 Nov  8 08:20 ./usr/sbin/authpf
drwxrwx---  2 smmsp    smmsp          0 Nov  8 08:05 ./var/spool/clientmqueue

Pavel Cahyna