"nobody" should only be used by NFS and nothing should run as
it. Instead give tcpdump a dedicated user.
(this was already approved by maintainer; phab is for mechanical
correctness)
Details
Details
- Reviewers
matthew - Commits
- rP472578: net/tcpdump: use dedicated user for privsep
Diff Detail
Diff Detail
- Repository
- rP FreeBSD ports repository
- Lint
No Lint Coverage - Unit
No Test Coverage - Build Status
Buildable 17324 Build 17159: arc lint + arc unit
Event Timeline
Comment Actions
This is good, but you need to add the last bit that will create the special user when the package is installed.
You shouldn't create the userid unconditionally for a package where the USER option defaults to off.
USER_VARS= USERS=${UNPRIV_USER} GROUPS=${UNPRIV_USER}
You should update the USER_DESC setting too
Comment Actions
Test builds with the USER option selected are failing when trying to create the tcpdump group due to a malformed GIDs line.
Fixing that locally means everything builds OK, although there is this warning at the end of the configure phase:
... configure: creating ./config.status config.status: creating Makefile config.status: creating tcpdump.1 config.status: creating config.h config.status: executing default-1 commands configure: WARNING: unrecognized options: --enable-ipv6
Looks like IPv6 support is no longer optional.
| GIDs | ||
|---|---|---|
| 828 | You're missing a field here: tcpdump:*:885 | |