diff --git a/net-mgmt/net-snmp/files/snmpd.in b/net-mgmt/net-snmp/files/snmpd.in
index 7f75cacad813..6e89d9cb1c5b 100644
--- a/net-mgmt/net-snmp/files/snmpd.in
+++ b/net-mgmt/net-snmp/files/snmpd.in
@@ -1,74 +1,94 @@ #!/bin/sh # PROVIDE: snmpd # REQUIRE: DAEMON # # Add the following line to /etc/rc.conf to enable snmpd: # # snmpd_enable="YES" # snmpd_flags="" # snmpd_conffile="" # # Add the following line to make snmpd drop privileges after initialization. -# This might invalidate existing SNMPv3 users. +# This might invalidate existing SNMPv3 users. Make sure that configuration +# files are readable by the snmpd user. # # snmpd_sugid="YES" # . /etc/rc.subr name=snmpd rcvar=snmpd_enable load_rc_config snmpd snmpd_enable=${snmpd_enable:-"NO"} snmpd_flush_cache=${snmpd_flush_cache-"NO"} snmpd_sugid=${snmpd_sugid:-"NO"} pidfile=${snmpd_pidfile:-"/var/run/net_snmpd.pid"} command=%%PREFIX%%/sbin/${name} start_precmd=net_snmpd_precmd -net_snmpd_precmd () { - local flag conffile snmpd_conffile_set +check_conffile() +{ + local conffile + + conffile=$1 + + if [ ! -f "${conffile}" ]; then + warn "snmpd configuration file $conffile not found" + return + fi + su -m snmpd -c "test -r ${conffile}" + if [ $? -ne 0 ]; then + warn "snmpd configuration file $conffile not readable by snmpd user" + fi +} + +net_snmpd_precmd() { + local flag conffile snmpd_conffile_set readable if checkyesno snmpd_flush_cache; then rm -vf /var/net-snmp/.snmp-exec-cache fi for flag in ${snmpd_flags}; do case "${flag}" in -p*) err 1 "\$snmpd_flags includes -p option." \ "Please use \$snmpd_pidfile instead." ;; -c*) err 1 "\$snmpd_flags includes -c option." \ "Please use \$snmpd_conffile instead." ;; esac done + # -c does not override the default config file. + check_conffile %%PREFIX%%/share/snmp/snmpd.conf for conffile in ${snmpd_conffile}; do + check_conffile ${conffile} if [ -f "${conffile}" -a -s "${conffile}" ]; then - snmpd_conffile_set="${snmpd_conffile_set},${conffile}" + snmpd_conffile_set="${snmpd_conffile_set},${conffile}" else - err 1 "snmpd configuration file $conffile not found." + err 1 "snmpd configuration file $conffile not found." 
fi done # snmpd syntax requires that the listening address (if defined) be the last argument if [ -n "${snmpd_conffile_set}" ]; then rc_flags="-c ${snmpd_conffile_set#,} ${rc_flags}" fi if checkyesno snmpd_sugid; then rc_flags="-u snmpd -g snmpd ${rc_flags}" fi rc_flags="-p ${pidfile} ${rc_flags}" } run_rc_command "$1"
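Review bot: In `check_conffile`, the `su -m snmpd -c "test -r ${conffile}"` probe runs on every start, but the script only passes `-u snmpd -g snmpd` when `snmpd_sugid` is YES, so with the default NO the "not readable by snmpd user" warning appears to describe an account the daemon is not running as. It would presumably also fire whenever `su` itself fails, for example if the snmpd account is missing. I would gate the probe on the same setting, e.g. `if checkyesno snmpd_sugid && ! su -m snmpd -c "test -r '${conffile}'"; then`. That form also quotes the path inside the command string: as written, the value from rc.conf is pasted unquoted into a shell command, and the call site `check_conffile ${conffile}` is unquoted as well. The new local `readable` in `net_snmpd_precmd` is declared but never used in the visible lines.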