>Number:         8942
>Category:       pkg
>Synopsis:       wrong perms for netplan.dir and it gets removed
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager (NetBSD software packages system bug manager)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Dec  3 05:24:01 1999
>Last-Modified:
>Originator:     Mario Kemper
>Organization:
Mario Kemper
magick@bundy.lip.owl.de
>Release:        NetBSD-current  1.4P
>Environment:
	
System: NetBSD bundy 1.4P NetBSD 1.4P (BUNDY) #1: Sat Nov 27 11:48:58 CET 1999 root@bundy:/usr/netbsd-src/src/sys/arch/i386/compile/BUNDY i386


>Description:

There are two problems with the pkgsrc/misc/plan related to the use of 
netplan. Netplan allows users in a network to access the calendar data on 
a server. You also need netplan if you want to sync your appointments between 
plan and your Palm Pilot.

If you use netplan, appointments get stored in 
libexec/plan/netplan.dir instead of your home. So the line:

@unexec rm -rf %D/libexec/plan/netplan.dir

in pkg/PLIST is fatal as it removes all appointments.

The second problem is related to the fact that netplan changes UID and GID to 
NOBODY after start for security reasons. But netpland.dir is owned by root 
with permissions 700 after install. 

>How-To-Repeat:

Refresh plan after an update of lesstif. Watch netplan failing because of
permission problems and start to cry when you see an empty netplan.dir.
Luckyly i use it for synching with my pilot and not as a server for a large 
intranet.

>Fix:

1. remove the line "@unexec rm -rf %D/libexec/plan/netplan.dir" from PLIST.

2. change the owner and group to the one defined in the Makefile
   (39:39). 

The package defines nobody:nobody to 39:39. Is there a man page that describes
this? I don't have a user nobody with UID 39. Is there a standard?

>Audit-Trail:
>Unformatted: