From nobody@FreeBSD.org  Thu Feb 10 23:19:19 2005
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7A30E16A4CE
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 10 Feb 2005 23:19:19 +0000 (GMT)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3C93D43D1D
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 10 Feb 2005 23:19:19 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j1ANJJJu072600
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 10 Feb 2005 23:19:19 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id j1ANJItx072599;
	Thu, 10 Feb 2005 23:19:19 GMT
	(envelope-from nobody)
Message-Id: <200502102319.j1ANJItx072599@www.freebsd.org>
Date: Thu, 10 Feb 2005 23:19:19 GMT
From: Scott Balmos <scott.balmos@utoledo.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: amavisd-new account creation patch
X-Send-Pr-Version: www-2.3

>Number:         77366
>Category:       ports
>Synopsis:       amavisd-new account creation patch
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    leeym
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 10 23:20:17 GMT 2005
>Closed-Date:    Sun Feb 13 21:07:50 GMT 2005
>Last-Modified:  Sun Feb 13 21:07:50 GMT 2005
>Originator:     Scott Balmos
>Release:        5.3-RELEASE
>Organization:
>Environment:
FreeBSD flyingpig.simunex.com 5.3-RELEASE FreeBSD 5.3-RELEASE #5: Fri Nov 12 16:52:26 EST 2004 sbalmos@flyingpig.simunex.com:/usr/obj/usr/src/sys/FLYINGPIG  i386

>Description:
The port of amavisd-new (security/amavisd-new) creates a user account and group, vscan/vscan, for Amavis to run under. However, the command to pw which creates the account does not specify a UID. Thus, the account is created using the next available normal user uid, not with a uid normally reserved in the "system account" space (uid/gid <1000). This can be annoying to systems set up with user account managers that do not use pw and /etc/master.password, and are shared across multiple servers (e.g. LDAP). vscan on one box could be 1002, on another box could be 1010, etc, depending on how many regular user accounts were created before the amavisd-new port was installed.

It would be better if the vscan user was created using an explicit "system account" uid/gid, such as uid/gid 102 (which doesn't seem to be used by any port that I know of).

>How-To-Repeat:
Load a fresh FreeBSD box. Create a few normal user accounts (e.g. ones that are auto-assigned uid's, incrementing starting from uid 1000).

Install security/amavisd-new somewhere along the line.

pw usershow vscan and pw groupshow vscan. Note they are also given auto-assigned uid's.

>Fix:
Explicitly assign uid/gid 102 to vscan.

--- /usr/ports/security/amavisd-new/files/INSTALL.tmpl  Thu Aug 12 08:44:03 2004
+++ INSTALL.tmpl        Thu Feb 10 18:17:39 2005
@@ -13,7 +13,7 @@
     if /usr/sbin/pw groupshow "${GROUP}" 2>/dev/null; then
        echo "You already have a group \"${GROUP}\", so I will use it."
     else
-       if /usr/sbin/pw groupadd ${GROUP} -h -
+       if /usr/sbin/pw groupadd ${GROUP} -h -g 102 -
        then
            echo "Added group \"${GROUP}\"."
        else
@@ -29,7 +29,8 @@
        if /usr/sbin/pw useradd ${USER} -g ${GROUP} -h - \
           -d ${DIR} \
           -s /bin/sh \
-          -c "Scanning Virus Account"
+          -c "Scanning Virus Account" \
+          -u 102
        then
            echo "Added user \"${USER}\"."
        else

>Release-Note:
>Audit-Trail:

From: Scott Balmos <scott.balmos@utoledo.edu>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-ports-bugs@FreeBSD.org
Cc:  
Subject: Re: ports/77366: amavisd-new account creation patch
Date: Thu, 10 Feb 2005 18:37:26 -0500

 Oops... Mistake here. Didn't check Sect. 17.12 of the Porter's Handbook 
 first. :(
 
 New suggested uid/gid: 110
 
 --- /usr/ports/security/amavisd-new/files/INSTALL.tmpl  Thu Aug 12 
 08:44:03 2004
 +++ INSTALL.tmpl        Thu Feb 10 18:17:39 2005
 @@ -13,7 +13,7 @@
      if /usr/sbin/pw groupshow "${GROUP}" 2>/dev/null; then
         echo "You already have a group \"${GROUP}\", so I will use it."
      else
 -       if /usr/sbin/pw groupadd ${GROUP} -h -
 +       if /usr/sbin/pw groupadd ${GROUP} -h -g 102 -
         then
             echo "Added group \"${GROUP}\"."
         else
 @@ -29,7 +29,8 @@
         if /usr/sbin/pw useradd ${USER} -g ${GROUP} -h - \
            -d ${DIR} \
            -s /bin/sh \
 -          -c "Scanning Virus Account"
 +          -c "Scanning Virus Account" \
 +          -u 110
         then
             echo "Added user \"${USER}\"."
         else
 
 
Responsible-Changed-From-To: freebsd-ports-bugs->leeym 
Responsible-Changed-By: leeym 
Responsible-Changed-When: Fri Feb 11 20:17:25 GMT 2005 
Responsible-Changed-Why:  
I will take care of this PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=77366 

From: Yen-Ming Lee <leeym@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, blaz@si.FreeBSD.org
Cc:  
Subject: Re: ports/77366: amavisd-new account creation patch
Date: Sat, 12 Feb 2005 04:19:10 +0800

 Hi, maintainer,
 
 Could you please take a look on this patch?
 http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/77366
 
 regards,
 -- 
 Yen-Ming Lee [utf7:+Z05fZWYO] | KeyID:0x5EB52E51 | Taipei, Taiwan

From: Blaz Zupan <blaz@si.FreeBSD.org>
To: Yen-Ming Lee <leeym@FreeBSD.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: ports/77366: amavisd-new account creation patch
Date: Sun, 13 Feb 2005 13:12:02 +0100 (CET)

 > Could you please take a look on this patch?
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/77366
 
 Approved. Don't forget to reserve the UIDs in the porters handbook and to 
 increase the portrevision.
State-Changed-From-To: open->closed 
State-Changed-By: leeym 
State-Changed-When: Sun Feb 13 21:07:49 GMT 2005 
State-Changed-Why:  
Committed, thanks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=77366 
>Unformatted:
