[Bug 176253] Review Request: clement-2.1

bugzilla at redhat.com bugzilla at redhat.com
Mon Aug 14 07:50:24 UTC 2006



Summary: Review Request: clement-2.1


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176253





------- Additional Comments From j.w.r.degoede at hhs.nl  2006-08-14 03:40 EST -------
(In reply to comment #16)
> I think datadir is not a problem, I need to double check with the PHP person,
> should be fixed in the next version.
> 
> clement is not 'setuid' but must be root open < 1024 port.
> such the Clement daemon is started as root and clement take
> the application ownership to become a standard user mail
> to avoid the have a daemon with root privilege open on the
> (wild) outside.
I understand, but then the %{_usr}/bin/%{name} file doesn't have to be owned by
mail.mail and could be just root.root, right?

My real question all along has been why is %{_usr}/bin/%{name} owned by mail.mail?

> I would rather have a "clement" username but
> rpmlint seems to be rather reluctant to 'give/declare' new
> username.
> 

That's possible, add the following lines (at the appropriate places):
Requires(pre):  /usr/sbin/useradd, /usr/sbin/groupadd

%pre
/usr/sbin/groupadd -r clement 2> /dev/null || :
/usr/sbin/useradd -s /sbin/nologin -M -d / -c "Clement daemon" -r -g clement \
  clement 2> /dev/null || :

And then you can use %attr (-,clement,clement) in %files. You will of course also
need to patch the daemon to drop its root rights to the user clement instead of
mail.

This might generate some rpmlint warnings but these may be ignored.


-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
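
The privilege drop requested in the comment above, as an added example (not part of the original message and not Clement's own code): the daemon opens its port below 1024 while still root, then switches permanently to the `clement` account created in %pre. The function name `drop_privileges` is an assumption made for illustration.

```c
#define _DEFAULT_SOURCE              /* for initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch from root to the unprivileged
 * account `user`. Returns 0 on success, -1 on any failure; the caller
 * must exit on -1 rather than keep running as root. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;                   /* account missing, e.g. %pre never ran */

    /* Copy the ids: the passwd buffer is static and may be reused. */
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;
    if (uid == 0 || gid == 0)
        return -1;                   /* refuse a target that is still root */

    /* Order matters: group changes need root, so they precede setuid(). */
    if (initgroups(user, gid) != 0)  /* replace root's supplementary groups */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)            /* as root: real, effective and saved uid */
        return -1;

    /* Verify the drop cannot be undone. */
    if (setuid(0) == 0 || setgid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* A real daemon binds its port below 1024 here, while still root. */
    if (drop_privileges("clement") != 0) {
        fprintf(stderr, "cannot drop privileges to 'clement', exiting\n");
        return EXIT_FAILURE;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return EXIT_SUCCESS;
}
```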



