MFH: r551655

Create dedicated sandbox user for wsdd service

This changes the account the wsdd service runs under from the generic
'daemon' user to its own dedicated '_wsdd' user.

Approved by:	ports-secteam (joneum)
PR:		250159
This commit is contained in:
Dimitry Andric 2020-10-08 21:34:55 +00:00
parent 4f72c92489
commit 7980121171
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/branches/2020Q4/; revision=551735
4 changed files with 7 additions and 4 deletions

2
GIDs
View File

@ -310,7 +310,7 @@ httptunnel:*:361:
# free: 367
# free: 368
# free: 369
# free: 370
_wsdd:*:370:
# free: 371
# free: 372
# free: 373

2
UIDs
View File

@ -315,7 +315,7 @@ httptunnel:*:361:361::0:0:httptunnel Daemon:/nonexistent:/usr/sbin/nologin
# free: 367
# free: 368
# free: 369
# free: 370
_wsdd:*:370:370::0:0:Web Service Discovery Daemon:/nonexistent:/usr/sbin/nologin
# free: 371
# free: 372
# free: 373

View File

@ -3,7 +3,7 @@
PORTNAME= wsdd
DISTVERSIONPREFIX= v
DISTVERSION= 0.6.1
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= net python
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
@ -20,6 +20,9 @@ SHEBANG_FILES= src/${PORTNAME}.py
NO_ARCH= yes
NO_BUILD= yes
USERS= _wsdd
GROUPS= _wsdd
PLIST_FILES= bin/${PORTNAME} \
etc/rc.d/${PORTNAME} \
man/man1/${PORTNAME}.1.gz

View File

@ -68,7 +68,7 @@
+wsdd_start()
+{
+ echo -n "Starting ${name}."
+ /usr/sbin/daemon -u daemon -S -p ${pidfile} ${command} ${wsdd_opts}
+ /usr/sbin/daemon -u _wsdd -S -p ${pidfile} ${command} ${wsdd_opts}
+}
+
run_rc_command "$1"