Create a "dnetc" user and group that owns relevant dnetc

directories, files, and runs the client. This removes all reliance on the "nobody" account so that the account doesn't own any files or run any processes.
svn path=/head/; revision=51000
2024-12-26 05:02:18 +00:00 · 2001-12-04 01:43:20 +00:00 · 2001-12-04 01:43:20 +00:00 · 73aebacf35 · 2021-03-31 03:12:20 +00:00
commit 73aebacf35
parent 75ead950c0
3 changed files with 47 additions and 9 deletions
--- a/misc/dnetc/Makefile
+++ b/misc/dnetc/Makefile
@ -40,8 +40,10 @@ NO_BUILD=	yes
 BINDIR=		${PREFIX}/distributed.net
 LIBDIR=		${PREFIX}/etc/rc.d

-CLIENTUID=	nobody
-CLIENTGID=	daemon
+CLIENTUSER=	dnetc
+CLIENTUID=	26
+CLIENTGROUP=	${CLIENTUSER}
+CLIENTGID=	${CLIENTUID}

 SBINMODE=	700
 BINMODE=	700
@ -49,23 +51,27 @@ BINMODE=	700
 MAN1=		dnetc.1

 do-configure:
-	if [ ! -f ${PREFIX}/dnetc.ini ]; then \
+	@if [ ! -f ${PREFIX}/dnetc.ini ]; then \
 		${INSTALL} -c -m 644 ${FILESDIR}/dnetc.ini ${WRKSRC}; \
 	fi

+pre-install:
+	@${ECHO} "==>  Creating custom user to run dnetc..."
+	${PKGINSTALL} ${PKGNAME} PRE-INSTALL "${CLIENTUSER}" "${CLIENTUID}" "${CLIENTGROUP}" "${CLIENTGID}"
+
 do-install:
-	if [ ! -d ${BINDIR} ]; then \
+	@if [ ! -d ${BINDIR} ]; then \
 		${MKDIR} ${BINDIR}; \
 	fi

-	${INSTALL} -c -m ${SBINMODE} -o ${CLIENTUID} -g ${CLIENTGID} ${WRKSRC}/dnetc ${BINDIR}
+	${INSTALL} -c -m ${SBINMODE} -o ${CLIENTUSER} -g ${CLIENTGROUP} ${WRKSRC}/dnetc ${BINDIR}

 	${SED} s#CHANGETHIS#${BINDIR}# < ${FILESDIR}/dnetc.sh > ${WRKSRC}/dnetc.sh.pathnames
 	${INSTALL} -c -m ${SBINMODE} ${WRKSRC}/dnetc.sh.pathnames ${LIBDIR}/dnetc.sh

 	${INSTALL_DATA} ${FILESDIR}/INFO ${BINDIR}

-	${CHOWN} ${CLIENTUID}:${CLIENTGID} ${BINDIR}
+	${CHOWN} ${CLIENTUSER}:${CLIENTGROUP} ${BINDIR}
 	${CHMOD} 775 ${BINDIR}

 	if [ ! -f ${BINDIR}/dnetc.sh ]; then \
@ -73,7 +79,7 @@ do-install:
 	fi

 	${INSTALL_MAN} ${WRKSRC}/${MAN1} ${PREFIX}/man/man1
-	${INSTALL} -c -m 644 -o ${CLIENTUID} -g ${CLIENTGID} ${WRKDIR}/dnetc.ini ${BINDIR}/dnetc.ini.default
+	${INSTALL} -c -m 644 -o ${CLIENTUSER} -g ${CLIENTGROUP} ${WRKDIR}/dnetc.ini ${BINDIR}/dnetc.ini.default
 .if !exists(${BINDIR}/dnetc.ini)
 	@echo ""
 	@echo ""
@ -89,7 +95,7 @@ do-install:
 	@echo ""
 	@echo ""
 	@echo ""
-	${INSTALL} -c -m 644 -o ${CLIENTUID} -g ${CLIENTGID} ${WRKDIR}/dnetc.ini ${BINDIR}
+	${INSTALL} -c -m 644 -o ${CLIENTUSER} -g ${CLIENTGROUP} ${WRKDIR}/dnetc.ini ${BINDIR}
 .endif

 .include <bsd.port.post.mk>
--- a/misc/dnetc/files/dnetc.sh
+++ b/misc/dnetc/files/dnetc.sh
@ -26,7 +26,7 @@ start)
 	fi

 	echo -n " dnetc"
-	su -m nobody -c "$dir/dnetc -quiet" 2>/dev/null >/dev/null &
+	su -m dnetc -c "$dir/dnetc -quiet" 2>/dev/null >/dev/null &
 	;;
 stop)
 	killall dnetc && echo -n " dnetc"
--- a/misc/dnetc/pkg-install
+++ b/misc/dnetc/pkg-install
@ -0,0 +1,32 @@
+#!/bin/sh
+
+if [ "$2" != "PRE-INSTALL" ]; then
+    exit 0
+fi
+
+CLIENTUSER=$3
+CLIENTUID=$4
+CLIENTGROUP=$5
+CLIENTGID=$6
+
+if ! pw groupshow "$CLIENTGROUP" 2>/dev/null 1>&2; then
+	if pw groupadd $CLIENTGROUP -g $CLIENTGID; then
+		echo "=> Added group \"$CLIENTGROUP\"."
+	else
+                echo "=> Adding group \"$CLIENTGROUP\" failed..."
+                exit 1
+        fi
+fi
+
+if ! pw usershow "$CLIENTUSER" 2>/dev/null 1>&2; then
+        if pw useradd $CLIENTUSER -u $CLIENTUID -g $CLIENTGROUP -h - \
+                -s "/sbin/nologin" -d "/nonexistent" \
+                -c "distributed.net client and proxy pseudo-user"; \
+        then
+                echo "=> Added user \"$CLIENTUSER\"."
+        else
+                echo "=> Adding user \"$CLIENTUSER\" failed..."
+                exit 1
+        fi
+fi
+exit 0