Subject: Re: Unprivileged user per-package custom groups
To: Roland Illig <rillig@NetBSD.org>
From: None <david.sainty@dtsp.co.nz>
List: tech-pkg
Date: 10/14/2007 20:35:08
Roland Illig writes:
> david.sainty@dtsp.co.nz wrote:
> > I propose the following change. Currently mk/unprivileged.mk will
> > override all per-package groups. This is not always desirable - in
> > fact it can be a real nuisance :)
> >
> > The patch below allows a package to use its custom group so long as
> > the group is in the UNPRIVILEGED_GROUPS list.
> >
> > In addition, the value of UNPRIVILEGED_GROUPS is defaulted to all the
> > groups the installing user is a member of, in a similar mold to
> > UNPRIVILEGED_GROUP and UNPRIVILEGED_USER.
>
> The patch for itself looks good. Can you provide an example where you
> want to use this feature? (Probably mainly for adding the "games" group,
> if I guess right.)
A perfect example. But I try and use groups as widely as possible,
since I do all installations as an unprivileged user. If a package
requires just a group then it makes the installation process much
easier, I just add the group to all my "pkgsrc" users (pkgsrc1,
pkgsrc2, pkgsrc3).
The one that was annoying me was "mail/dspam". In /etc/mk.conf I have:
DSPAM_BINMODE=2711
DSPAM_USER=${BINOWN}
DSPAM_GROUP=dspam
DSPAM_WWWGROUP=${DSPAM_GROUP}
Usually bin/dspam is installed setuid "dspam", but I find setgid
adequate - it doesn't really need to be setuid.
Cheers,
Dave