From nobody@FreeBSD.org  Fri Apr 17 16:38:33 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id EAFDC106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 17 Apr 2009 16:38:33 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id BDCEE8FC0C
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 17 Apr 2009 16:38:33 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n3HGcWlK058621
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 17 Apr 2009 16:38:32 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n3HGcW2i058614;
	Fri, 17 Apr 2009 16:38:32 GMT
	(envelope-from nobody)
Message-Id: <200904171638.n3HGcW2i058614@www.freebsd.org>
Date: Fri, 17 Apr 2009 16:38:32 GMT
From: Kostas Voulgaris <voulgaris@ceid.upatras.gr>
To: freebsd-gnats-submit@FreeBSD.org
Subject: bacula-server-2.4.2: make_sqlite_tables sets wrong permmisions to db file
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         133818
>Category:       ports
>Synopsis:       bacula-server-2.4.2: make_sqlite_tables sets wrong permmisions to db file
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    wxs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 17 16:40:03 UTC 2009
>Closed-Date:    Fri Aug 14 20:03:24 UTC 2009
>Last-Modified:  Fri Aug 14 20:03:24 UTC 2009
>Originator:     Kostas Voulgaris
>Release:        7.1-RELEASE
>Organization:
>Environment:
FreeBSD srv.kcyber.dyndns.org 7.1-RELEASE-p4 FreeBSD 7.1-RELEASE-p4 #0: Sun Mar 22 12:35:36 UTC 2009     root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
The script /usr/local/share/bacula/make_sqlite_tables that creates the sqlite database file in /var/db/bacula/bacula.db (default path) should set the file's owner to bacula and group to bacula instead of root:bacula. If not the bacula director (runs as user bacula) cannot write to the database. The problem[1] and the solution[2] is described in bacula-users mailing list and exists since 2007 but noone has reported it yet.

The problem is noticed when trying to run any configured backup job. You get errors when trying to insert data in database like this one: 

14-Apr 18:06 srv-dir JobId 0: Fatal error: sql_create.c:524 sql_create.c:524 insert INSERT INTO Client (Name,Uname,AutoPrune,FileRetention,JobRetention) VALUES ('spooky-fd','',1,2592000,15552000) failed:
attempt to write a readonly database
14-Apr 18:06 srv-dir JobId 0: sql_create.c:524 INSERT INTO Client (Name,Uname,AutoPrune,FileRetention,JobRetention) VALUES ('spooky-fd','',1,2592000,15552000)
14-Apr 18:06 srv-dir JobId 0: Error: sql_create.c:526 Create DB Client record INSERT INTO Client (Name,Uname,AutoPrune,FileRetention,JobRetention) VALUES ('spooky-fd','',1,2592000,15552000) failed. ERR=attempt to write a readonly database
14-Apr 18:06 srv-dir JobId 0: Fatal error: Could not create Client record. ERR=sql_create.c:526 Create DB Client record INSERT INTO Client (Name,Uname,AutoPrune,FileRetention,JobRetention) VALUES ('spooky-fd','',1,2592000,15552000) failed. ERR=attempt to write a readonly database

----

[1] http://www.mail-archive.com/bacula-users@lists.sourceforge.net/msg21700.html
[2] http://www.mail-archive.com/bacula-users@lists.sourceforge.net/msg21725.html
>How-To-Repeat:
i) install bacula-server-2.4.2
ii) run /usr/local/share/bacula/make_sqlite_tables to initialize the database
iii) run any backup job
>Fix:
The command:

  chown bacula:bacula ${db_name}.db

should be appended at the make_sqlite_tables script.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->wxs 
Responsible-Changed-By: wxs 
Responsible-Changed-When: Fri Apr 17 18:08:51 UTC 2009 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=133818 

From: Dan Langille <dan@langille.org>
To: bug-followup@FreeBSD.org, voulgaris@ceid.upatras.gr
Cc:  
Subject: Re: ports/133818: bacula-server-2.4.2: make_sqlite_tables sets wrong
 permmisions to db file
Date: Sat, 18 Apr 2009 22:52:14 -0400

 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
 workaround:
 
 Step ii) should be run as the bacula user to avoid this problem.
 
 I just tried to test this, but failed to get the port to compile (2.4.2)
 with SQLite.  It also appears the port always selects SQLite3 and cannot
 be made to use SQLite2.
 
 My time until late May is committed to BSDCan and PGCon.  If someone
 else wishes to look at this: the Makefile already assumes bacula-dir
 will run as the bacula user.  Look for "--with-dir-user=bacula".  So
 patching the file seems logical to me.
 
 - --
 Dan Langille
 
 BSDCan - The Technical BSD Conference : http://www.bsdcan.org/
 PGCon  - The PostgreSQL Conference:     http://www.pgcon.org/
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.11 (FreeBSD)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iEYEARECAAYFAknqkd4ACgkQCgsXFM/7nTxDSQCbBpbhLh4TP+QxWw8R5gVpMGgi
 o+MAoIoD2yfFxJOmjsZ55+5yuckjxOa7
 =Q/71
 -----END PGP SIGNATURE-----
State-Changed-From-To: open->closed 
State-Changed-By: wxs 
State-Changed-When: Tue Apr 21 14:23:46 UTC 2009 
State-Changed-Why:  
Maintainer has stated a correct fix for this problem is to run 
make_sqlite_tables as the bacula user. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=133818 

From: Kostas Voulgaris <voulgaris@ceid.upatras.gr>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/133818: bacula-server-2.4.2: make_sqlite_tables sets
 wrong permmisions to db file
Date: Tue, 21 Apr 2009 17:52:30 +0300

 User bacula, when created after package installation, has login
 shell /sbin/nologin. Please change it in order to be able to login and
 run the database initialization scripts.
 
State-Changed-From-To: closed->open 
State-Changed-By: wxs 
State-Changed-When: Tue Apr 21 15:31:35 UTC 2009 
State-Changed-Why:  
Re-open as submitter has a valid point.  The shell should be changed so that the account can be used to initalize the database.  I'll work with Dan to get this fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=133818 

From: Wesley Shields <wxs@FreeBSD.org>
To: Dan Langille <dan@langille.org>
Cc: bug-followup@FreeBSD.org, Kostas Voulgaris <voulgaris@ceid.upatras.gr>
Subject: Re: ports/133818: bacula-server-2.4.2: make_sqlite_tables sets
	wrong permmisions to db file
Date: Thu, 23 Apr 2009 18:56:13 -0400

 --cNdxnHkX5QqsyA0e
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 How do the attached patches look?  They change the login shell to be
 /bin/sh instead of /sbin/nologin.
 
 -- WXS
 
 --cNdxnHkX5QqsyA0e
 Content-Type: text/x-diff; charset=us-ascii
 Content-Disposition: attachment; filename="bacula-server-devel.diff"
 
 Index: Makefile
 ===================================================================
 RCS file: /ncvs/ports/sysutils/bacula-server-devel/Makefile,v
 retrieving revision 1.34
 diff -u -r1.34 Makefile
 --- Makefile	15 Apr 2009 13:51:47 -0000	1.34
 +++ Makefile	23 Apr 2009 19:03:58 -0000
 @@ -7,6 +7,7 @@
  
  PORTNAME=	bacula
  DISTVERSION=	2.5.42-b2
 +PORTREVISION=	1
  CATEGORIES=	sysutils
  MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
  MASTER_SITE_SUBDIR=	bacula
 Index: pkg-install
 ===================================================================
 RCS file: /ncvs/ports/sysutils/bacula-server-devel/pkg-install,v
 retrieving revision 1.2
 diff -u -r1.2 pkg-install
 --- pkg-install	30 Mar 2006 19:35:57 -0000	1.2
 +++ pkg-install	23 Apr 2009 19:03:58 -0000
 @@ -49,7 +49,7 @@
  		fi
  	else
  		if pw useradd ${USER} -u ${UID} -g ${GROUP} -G operator -h - \
 -			-d ${BACULA_DIR} -s /sbin/nologin -c "Bacula Daemon"
 +			-d ${BACULA_DIR} -s /bin/sh -c "Bacula Daemon"
  		then
  			echo "Added user \"${USER}\"."
  		else
 
 --cNdxnHkX5QqsyA0e
 Content-Type: text/x-diff; charset=us-ascii
 Content-Disposition: attachment; filename="bacula-server.diff"
 
 Index: Makefile
 ===================================================================
 RCS file: /ncvs/ports/sysutils/bacula-server/Makefile,v
 retrieving revision 1.114
 diff -u -r1.114 Makefile
 --- Makefile	15 Apr 2009 13:51:47 -0000	1.114
 +++ Makefile	23 Apr 2009 19:03:44 -0000
 @@ -7,6 +7,7 @@
  
  PORTNAME=	bacula
  DISTVERSION=	3.0.0
 +PORTREVISION=	1
  CATEGORIES?=	sysutils
  MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
  MASTER_SITE_SUBDIR=	bacula
 Index: pkg-install.server
 ===================================================================
 RCS file: /ncvs/ports/sysutils/bacula-server/pkg-install.server,v
 retrieving revision 1.1
 diff -u -r1.1 pkg-install.server
 --- pkg-install.server	24 Sep 2007 03:05:51 -0000	1.1
 +++ pkg-install.server	23 Apr 2009 19:03:44 -0000
 @@ -49,7 +49,7 @@
  		fi
  	else
  		if pw useradd ${USER} -u ${UID} -g ${GROUP} -G operator -h - \
 -			-d ${BACULA_DIR} -s /sbin/nologin -c "Bacula Daemon"
 +			-d ${BACULA_DIR} -s /bin/sh -c "Bacula Daemon"
  		then
  			echo "Added user \"${USER}\"."
  		else
 
 --cNdxnHkX5QqsyA0e--

From: Dan Langille <dan@langille.org>
To: Wesley Shields <wxs@FreeBSD.org>
Cc: bug-followup@FreeBSD.org, 
 Kostas Voulgaris <voulgaris@ceid.upatras.gr>
Subject: Re: ports/133818: bacula-server-2.4.2: make_sqlite_tables sets	wrong
 permmisions to db file
Date: Sat, 25 Apr 2009 13:36:54 -0400

 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
 Wesley Shields wrote:
 > How do the attached patches look?  They change the login shell to be
 > /bin/sh instead of /sbin/nologin.
 
 Am I correct: You don't have to login as bacula to run a command as
 bacula. Can su or sudo can handle this?
 
 see http://www.freebsddiary.org/phorum/read.php?f=4&i=315&t=315
 
 Offhand, I understood the poing of /sbin/nologin was to prevent people
 from logging in as the daemon.
 
 - --
 Dan Langille
 
 BSDCan - The Technical BSD Conference : http://www.bsdcan.org/
 PGCon  - The PostgreSQL Conference:     http://www.pgcon.org/
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.11 (FreeBSD)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iEYEARECAAYFAknzSjYACgkQCgsXFM/7nTxt+gCfUwCLD4a1LuO5EAZ7lknNHjDO
 7M8AoMAddV9BZXZ9sxGU/ylA4nKuGWxO
 =M3YS
 -----END PGP SIGNATURE-----

From: Wesley Shields <wxs@FreeBSD.org>
To: Dan Langille <dan@langille.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/133818: bacula-server-2.4.2: make_sqlite_tables sets
 wrong permmisions to db file
Date: Fri, 24 Jul 2009 16:03:32 -0400

 Sorry for the delay, this must have got lost on my end at some point.
 
 On Sat, Apr 25, 2009 at 05:40:02PM +0000, Dan Langille wrote:
 >  Wesley Shields wrote:
 >  > How do the attached patches look?  They change the login shell to be
 >  > /bin/sh instead of /sbin/nologin.
 >  
 >  Am I correct: You don't have to login as bacula to run a command as
 >  bacula. Can su or sudo can handle this?
 
 Sudo can handle it, su can not as far as I know.
 
 Since not everybody uses sudo I think we should change the shell so that
 people can execute the step with the correct permissions.
 
 >  Offhand, I understood the poing of /sbin/nologin was to prevent people
 >  from logging in as the daemon.
 
 Yes, but in some cases it may be useful to become the same user as the
 daemon - I'm specifically thinking about this case. Postgres is an
 example of this:
 
 pgsql:*:70:70:PostgreSQL Daemon:/usr/local/pgsql:/bin/sh
 
 I've occasionally had the need to become the pgsql user to perform some
 database tasks.
 
 -- WXS
State-Changed-From-To: open->feedback 
State-Changed-By: wxs 
State-Changed-When: Fri Jul 24 20:18:37 UTC 2009 
State-Changed-Why:  
Pending maintainer feedback. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=133818 

From: Dan Langille <dan@langille.org>
To: Wesley Shields <wxs@FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/133818: bacula-server-2.4.2: make_sqlite_tables sets wrong
 permmisions to db file
Date: Sat, 25 Jul 2009 21:10:43 -0400

 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
 Wesley Shields wrote:
 > Sorry for the delay, this must have got lost on my end at some point.
 > 
 > On Sat, Apr 25, 2009 at 05:40:02PM +0000, Dan Langille wrote:
 >>  Wesley Shields wrote:
 >>  > How do the attached patches look?  They change the login shell to be
 >>  > /bin/sh instead of /sbin/nologin.
 >>  
 >>  Am I correct: You don't have to login as bacula to run a command as
 >>  bacula. Can su or sudo can handle this?
 > 
 > Sudo can handle it, su can not as far as I know.
 
 [root@laptop /usr/home/dan]# su -m bacula
 laptop# id
 uid=910(bacula) gid=910(bacula) groups=910(bacula),5(operator)
 laptop#
 
 That looks like bacula to me.
 
 - --
 Dan Langille
 
 BSDCan - The Technical BSD Conference : http://www.bsdcan.org/
 PGCon  - The PostgreSQL Conference:     http://www.pgcon.org/
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.11 (FreeBSD)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iEYEARECAAYFAkprrRMACgkQCgsXFM/7nTxiRgCgtXs5ZWps8IcH/YcyUgBVPBzK
 3q0AoP3h6UoHVq6N9vhVj6QB4PmNp+Ga
 =9sjd
 -----END PGP SIGNATURE-----

From: Wesley Shields <wxs@FreeBSD.org>
To: Dan Langille <dan@langille.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/133818: bacula-server-2.4.2: make_sqlite_tables sets
 wrong permmisions to db file
Date: Mon, 27 Jul 2009 20:52:44 -0400

 On Sat, Jul 25, 2009 at 09:10:43PM -0400, Dan Langille wrote:
 > -----BEGIN PGP SIGNED MESSAGE-----
 > Hash: SHA1
 > 
 > Wesley Shields wrote:
 > > Sorry for the delay, this must have got lost on my end at some point.
 > > 
 > > On Sat, Apr 25, 2009 at 05:40:02PM +0000, Dan Langille wrote:
 > >>  Wesley Shields wrote:
 > >>  > How do the attached patches look?  They change the login shell to be
 > >>  > /bin/sh instead of /sbin/nologin.
 > >>  
 > >>  Am I correct: You don't have to login as bacula to run a command as
 > >>  bacula. Can su or sudo can handle this?
 > > 
 > > Sudo can handle it, su can not as far as I know.
 > 
 > [root@laptop /usr/home/dan]# su -m bacula
 > laptop# id
 > uid=910(bacula) gid=910(bacula) groups=910(bacula),5(operator)
 > laptop#
 > 
 > That looks like bacula to me.
 
 Doesn't that require a password to bet set on the bacula account? If I'm
 reading the pkg-install script correctly it calls pw(8) with "-h -"
 which locks the account.
 
 -- WXS

From: Dan Langille <dan@langille.org>
To: Wesley Shields <wxs@FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/133818: bacula-server-2.4.2: make_sqlite_tables sets wrong
 permmisions to db file
Date: Mon, 27 Jul 2009 21:27:02 -0400

 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
 Wesley Shields wrote:
 > On Sat, Jul 25, 2009 at 09:10:43PM -0400, Dan Langille wrote:
 >> -----BEGIN PGP SIGNED MESSAGE-----
 >> Hash: SHA1
 >>
 >> Wesley Shields wrote:
 >>> Sorry for the delay, this must have got lost on my end at some point.
 >>>
 >>> On Sat, Apr 25, 2009 at 05:40:02PM +0000, Dan Langille wrote:
 >>>>  Wesley Shields wrote:
 >>>>  > How do the attached patches look?  They change the login shell to be
 >>>>  > /bin/sh instead of /sbin/nologin.
 >>>>  
 >>>>  Am I correct: You don't have to login as bacula to run a command as
 >>>>  bacula. Can su or sudo can handle this?
 >>> Sudo can handle it, su can not as far as I know.
 >> [root@laptop /usr/home/dan]# su -m bacula
 >> laptop# id
 >> uid=910(bacula) gid=910(bacula) groups=910(bacula),5(operator)
 >> laptop#
 >>
 >> That looks like bacula to me.
 > 
 > Doesn't that require a password to bet set on the bacula account? If I'm
 > reading the pkg-install script correctly it calls pw(8) with "-h -"
 > which locks the account.
 
 The bacula account has no password:
 
 [root@laptop ~]# grep bacula /etc/master.passwd
 bacula:*:910:910::0:0:Bacula Daemon:/var/db/bacula:/sbin/nologin
 [root@laptop ~]#
 
 - --
 Dan Langille
 
 BSDCan - The Technical BSD Conference : http://www.bsdcan.org/
 PGCon  - The PostgreSQL Conference:     http://www.pgcon.org/
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.11 (FreeBSD)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iEYEARECAAYFAkpuU+YACgkQCgsXFM/7nTx40ACfeM0psPZZohLXiZl5CV39qJ05
 ah4AmwYjYJxLSlDuaz1yYkZ43RbQ44Ov
 =xxqO
 -----END PGP SIGNATURE-----

From: Wesley Shields <wxs@FreeBSD.org>
To: Dan Langille <dan@langille.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/133818: bacula-server-2.4.2: make_sqlite_tables sets
 wrong permmisions to db file
Date: Tue, 28 Jul 2009 11:58:39 -0400

 On Mon, Jul 27, 2009 at 09:27:02PM -0400, Dan Langille wrote:
 > -----BEGIN PGP SIGNED MESSAGE-----
 > Hash: SHA1
 > 
 > Wesley Shields wrote:
 > > On Sat, Jul 25, 2009 at 09:10:43PM -0400, Dan Langille wrote:
 > >> -----BEGIN PGP SIGNED MESSAGE-----
 > >> Hash: SHA1
 > >>
 > >> Wesley Shields wrote:
 > >>> Sorry for the delay, this must have got lost on my end at some point.
 > >>>
 > >>> On Sat, Apr 25, 2009 at 05:40:02PM +0000, Dan Langille wrote:
 > >>>>  Wesley Shields wrote:
 > >>>>  > How do the attached patches look?  They change the login shell to be
 > >>>>  > /bin/sh instead of /sbin/nologin.
 > >>>>  
 > >>>>  Am I correct: You don't have to login as bacula to run a command as
 > >>>>  bacula. Can su or sudo can handle this?
 > >>> Sudo can handle it, su can not as far as I know.
 > >> [root@laptop /usr/home/dan]# su -m bacula
 > >> laptop# id
 > >> uid=910(bacula) gid=910(bacula) groups=910(bacula),5(operator)
 > >> laptop#
 > >>
 > >> That looks like bacula to me.
 > > 
 > > Doesn't that require a password to bet set on the bacula account? If I'm
 > > reading the pkg-install script correctly it calls pw(8) with "-h -"
 > > which locks the account.
 > 
 > The bacula account has no password:
 > 
 > [root@laptop ~]# grep bacula /etc/master.passwd
 > bacula:*:910:910::0:0:Bacula Daemon:/var/db/bacula:/sbin/nologin
 > [root@laptop ~]#
 
 I can't reproduce your conclusions.
 
 I just installed sysutils/bacula-server and tried to use the line above
 (su -m bacula) but the result was failure. Is it possible that there is
 something else going on here?
 
 -- WXS

From: Dan Langille <dan@langille.org>
To: Wesley Shields <wxs@FreeBSD.org>
Cc: "bug-followup@FreeBSD.org" <bug-followup@FreeBSD.org>
Subject: Re: ports/133818: bacula-server-2.4.2: make_sqlite_tables sets wrong permmisions to db file
Date: Tue, 28 Jul 2009 13:54:27 -0400

 I will try again. What was your failure message/error.
 
 --  
 Dan Langille
 http://langille.org/
 
 
 On Jul 28, 2009, at 11:58 AM, Wesley Shields <wxs@FreeBSD.org> wrote:
 
 > On Mon, Jul 27, 2009 at 09:27:02PM -0400, Dan Langille wrote:
 >> -----BEGIN PGP SIGNED MESSAGE-----
 >> Hash: SHA1
 >>
 >> Wesley Shields wrote:
 >>> On Sat, Jul 25, 2009 at 09:10:43PM -0400, Dan Langille wrote:
 >>>> -----BEGIN PGP SIGNED MESSAGE-----
 >>>> Hash: SHA1
 >>>>
 >>>> Wesley Shields wrote:
 >>>>> Sorry for the delay, this must have got lost on my end at some  
 >>>>> point.
 >>>>>
 >>>>> On Sat, Apr 25, 2009 at 05:40:02PM +0000, Dan Langille wrote:
 >>>>>> Wesley Shields wrote:
 >>>>>>> How do the attached patches look?  They change the login shell  
 >>>>>>> to be
 >>>>>>> /bin/sh instead of /sbin/nologin.
 >>>>>>
 >>>>>> Am I correct: You don't have to login as bacula to run a  
 >>>>>> command as
 >>>>>> bacula. Can su or sudo can handle this?
 >>>>> Sudo can handle it, su can not as far as I know.
 >>>> [root@laptop /usr/home/dan]# su -m bacula
 >>>> laptop# id
 >>>> uid=910(bacula) gid=910(bacula) groups=910(bacula),5(operator)
 >>>> laptop#
 >>>>
 >>>> That looks like bacula to me.
 >>>
 >>> Doesn't that require a password to bet set on the bacula account?  
 >>> If I'm
 >>> reading the pkg-install script correctly it calls pw(8) with "-h -"
 >>> which locks the account.
 >>
 >> The bacula account has no password:
 >>
 >> [root@laptop ~]# grep bacula /etc/master.passwd
 >> bacula:*:910:910::0:0:Bacula Daemon:/var/db/bacula:/sbin/nologin
 >> [root@laptop ~]#
 >
 > I can't reproduce your conclusions.
 >
 > I just installed sysutils/bacula-server and tried to use the line  
 > above
 > (su -m bacula) but the result was failure. Is it possible that there  
 > is
 > something else going on here?
 >
 > -- WXS

From: Wesley Shields <wxs@FreeBSD.org>
To: Dan Langille <dan@langille.org>
Cc: "bug-followup@FreeBSD.org" <bug-followup@FreeBSD.org>
Subject: Re: ports/133818: bacula-server-2.4.2: make_sqlite_tables sets
 wrong permmisions to db file
Date: Tue, 28 Jul 2009 14:01:36 -0400

 On Tue, Jul 28, 2009 at 01:54:27PM -0400, Dan Langille wrote:
 > I will try again. What was your failure message/error.
 
 wxs@rst bacula-server % su -m bacula
 Password:
 su: Sorry
 
 Doesn't help much. ;)
 
 -- WXS

From: "Dan Langille" <dan@langille.org>
To: "Wesley Shields" <wxs@FreeBSD.org>
Cc: "Dan Langille" <dan@langille.org>,
 "bug-followup@FreeBSD.org" <bug-followup@freebsd.org>
Subject: Re: ports/133818: bacula-server-2.4.2: make_sqlite_tables sets 
     wrong permmisions to db file
Date: Tue, 28 Jul 2009 14:26:14 -0400 (EDT)

 On Tue, July 28, 2009 2:01 pm, Wesley Shields wrote:
 > On Tue, Jul 28, 2009 at 01:54:27PM -0400, Dan Langille wrote:
 >> I will try again. What was your failure message/error.
 >
 > wxs@rst bacula-server % su -m bacula
 > Password:
 > su: Sorry
 >
 > Doesn't help much. ;)
 
 It helps.
 
 Now try that as root, not as wxs.
 
 -- 
 Dan Langille -- http://langille.org/
 

From: Wesley Shields <wxs@FreeBSD.org>
To: Dan Langille <dan@langille.org>
Cc: "bug-followup@FreeBSD.org" <bug-followup@freebsd.org>
Subject: Re: ports/133818: bacula-server-2.4.2: make_sqlite_tables sets
 wrong permmisions to db file
Date: Tue, 28 Jul 2009 15:09:29 -0400

 --xHFwDpU9dbj6ez1V
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 On Tue, Jul 28, 2009 at 02:26:14PM -0400, Dan Langille wrote:
 > 
 > On Tue, July 28, 2009 2:01 pm, Wesley Shields wrote:
 > > On Tue, Jul 28, 2009 at 01:54:27PM -0400, Dan Langille wrote:
 > >> I will try again. What was your failure message/error.
 > >
 > > wxs@rst bacula-server % su -m bacula
 > > Password:
 > > su: Sorry
 > >
 > > Doesn't help much. ;)
 > 
 > It helps.
 > 
 > Now try that as root, not as wxs.
 
 Wow, it's been an insanely long month for me. Sorry for the noise.
 Attached is a patch which does a couple of things:
 
 - Remove whitespace in pkg-deinstall.server
 - Uses %%PREFIX%% in files/pkg-message.client.in and
   files/pkg-message.server.in
 - Document the need to run make_sqlite_tables as the bacula user
 
 This patch has already been approved by Dan on IRC but miwi has another
 patch to update the port to a new version. I'm attaching this patch for
 reference so that they both can be committed at the same time.
 
 -- WXS
 
 --xHFwDpU9dbj6ez1V
 Content-Type: text/x-diff; charset=us-ascii
 Content-Disposition: attachment; filename="bacula.diff"
 
 Index: pkg-deinstall.server
 ===================================================================
 RCS file: /ncvs/ports/sysutils/bacula-server/pkg-deinstall.server,v
 retrieving revision 1.1
 diff -u -r1.1 pkg-deinstall.server
 --- pkg-deinstall.server	24 Sep 2007 03:05:51 -0000	1.1
 +++ pkg-deinstall.server	28 Jul 2009 18:56:38 -0000
 @@ -25,7 +25,7 @@
  	USER=bacula
  	GROUP=${USER}
  	if pw usershow "${USER}" 2>/dev/null 1>&2; then
 -	    echo "To delete Bacula user  permanently, use 'pw userdel  ${USER}'"
 +	    echo "To delete Bacula user permanently, use 'pw userdel ${USER}'"
  	    echo "To delete Bacula group permanently, use 'pw groupdel ${GROUP}'"
  	fi
          ;;
 Index: files/pkg-message.client.in
 ===================================================================
 RCS file: /ncvs/ports/sysutils/bacula-server/files/pkg-message.client.in,v
 retrieving revision 1.2
 diff -u -r1.2 pkg-message.client.in
 --- files/pkg-message.client.in	16 Aug 2007 20:37:40 -0000	1.2
 +++ files/pkg-message.client.in	28 Jul 2009 18:56:38 -0000
 @@ -1,7 +1,7 @@
  ################################################################################
  
  NOTE:
 -Sample files are installed in ${PREFIX}/etc:
 +Sample files are installed in %%PREFIX%%/etc:
  bconsole.conf.sample, bacula-barcodes.sample, bacula-fd.conf.sample
  
    Please read this file:
 Index: files/pkg-message.server.in
 ===================================================================
 RCS file: /ncvs/ports/sysutils/bacula-server/files/pkg-message.server.in,v
 retrieving revision 1.2
 diff -u -r1.2 pkg-message.server.in
 --- files/pkg-message.server.in	16 Aug 2007 20:37:40 -0000	1.2
 +++ files/pkg-message.server.in	28 Jul 2009 18:56:38 -0000
 @@ -4,12 +4,12 @@
  An auto-changer manipulation script based on FreeBSDs
  chio command is included and installed at
  
 -  ${PREFIX}/sbin/chio-bacula
 +  %%PREFIX%%/sbin/chio-bacula
  
  Please have a look at it if you want to use an
  autochanger. You have to configure the usage in
  
 -  ${PREFIX}/etc/bacula-dir.conf
 +  %%PREFIX%%/etc/bacula-dir.conf
  
  Take care of correct permissions for changer and
  tape device (e.g. /dev/ch0 and /dev/n[r]sa0) i.e.
 @@ -43,7 +43,7 @@
  For USB support read the bacula manual. It could be necessary
  to configure/compile a new kernel.
  
 -Look at ${PREFIX}/share/bacula/update_bacula_tables for
 +Look at %%PREFIX%%/share/bacula/update_bacula_tables for
  database update procedure. Details can be found in the
  ReleaseNotes
  
 @@ -60,4 +60,6 @@
  
  Read the ReleaseNotes for further information.
  
 +If you are using sqlite you need to run the make_sqlite_tables script as
 +the bacula user. Do this using 'sudo su -m bacula'.
  ################################################################################
 
 --xHFwDpU9dbj6ez1V--
Responsible-Changed-From-To: wxs->miwi 
Responsible-Changed-By: miwi 
Responsible-Changed-When: Tue Jul 28 19:11:04 UTC 2009 
Responsible-Changed-Why:  
take over to merge that in 3.0.2 update, oked by wesley 

http://www.freebsd.org/cgi/query-pr.cgi?pr=133818 
Responsible-Changed-From-To: miwi->wxs 
Responsible-Changed-By: miwi 
Responsible-Changed-When: Sat Aug 1 16:58:28 UTC 2009 
Responsible-Changed-Why:  
i lose the time with working on KDE 4.3 update, so i forward both to 
wesly. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=133818 
State-Changed-From-To: feedback->closed 
State-Changed-By: wxs 
State-Changed-When: Fri Aug 14 20:03:23 UTC 2009 
State-Changed-Why:  
Documentation on the proper fix has been added to the port. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=133818 
>Unformatted:
