Page MenuHomeFreeBSD

Migrate tcpdump to a dedicated user
ClosedPublic

Authored by eadler on Jun 16 2018, 3:57 AM.

Details

Summary

"nobody" should only be used by NFS and nothing should run as
it. Instead give tcpdump a dedicated user.

(this was already approved by maintainer; phab is for mechanical
correctness)

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

This is good, but you need to add the last bit that will create the special user when the package is installed.

You shouldn't create the userid unconditionally for a package where the USER option defaults to off.

USER_VARS= USERS=${UNPRIV_USER} GROUPS=${UNPRIV_USER}

You should update the USER_DESC setting too

Test builds with the USER option selected are failing when trying to create the tcpdump group due to a malformed GIDs line.
Fixing that locally means everything builds OK, although there is this warning at the end of the configure phase:

...
configure: creating ./config.status
config.status: creating Makefile
config.status: creating tcpdump.1
config.status: creating config.h
config.status: executing default-1 commands
configure: WARNING: unrecognized options: --enable-ipv6

Looks like IPv6 support is no longer optional.

GIDs
828 ↗(On Diff #43922)

You're missing a field here:

tcpdump:*:885

Approved, subject to addressing my latest comments.

This revision is now accepted and ready to land.Jun 16 2018, 8:09 PM
This revision was automatically updated to reflect the committed changes.