dictd(8) drops privileges to nonexistent "dictd" and "nobody" in
that order, if started as root.
Recycle an old ID from 2016 as new "_dictd".
Provide an rc script so I can 'rcctl enable dictd' instead of running
it as my own user. This way we can make the service listen on localhost
instead of the wildcard address by default, which I consider a saner
default.
It won't start until you provide /etc/dictd.conf, but that's fine.
The port ships a manual and examples.
Feedback? Objection? OK?
Index: infrastructure/db/user.list
===================================================================
RCS file: /cvs/ports/infrastructure/db/user.list,v
diff -u -p -r1.430 user.list
--- infrastructure/db/user.list 15 Aug 2023 15:54:30 -0000 1.430
+++ infrastructure/db/user.list 22 Oct 2023 00:27:24 -0000
@@ -30,7 +30,7 @@ id user group port
519 _news _news news/leafnode
520 _majordomo _majordomo mail/majordomo
521 _exim _exim mail/exim
-#522 _xcept _xcept comms/xcept
+522 _dictd _dictd net/dictd,-server
523 _ffproxy _ffproxy www/ffproxy
#524 _mail mail/openwebmail
525 _quagga _quagga net/quagga
Index: net/dictd/Makefile
===================================================================
RCS file: /cvs/ports/net/dictd/Makefile,v
diff -u -p -r1.17 Makefile
--- net/dictd/Makefile 26 Oct 2023 16:49:27 -0000 1.17
+++ net/dictd/Makefile 26 Oct 2023 19:35:35 -0000
@@ -4,12 +4,20 @@ COMMENT-server= Dictionary Server Protoc
V= 1.13.1
DISTNAME= dictd-$V
+# for dictd.rc pexp
+V_REGEX= ${V:S/./\./g}
+SUBST_VARS= V_REGEX
+
PKGNAME-main= dictd-client-$V
PKGNAME-server= dictd-server-$V
+REVISION-main=0
+REVISION-server=0
CATEGORIES= net education
HOMEPAGE= https://www.dict.org
+
+MAINTAINER= Klemens Nanni <k...@openbsd.org>
# GPL v2
PERMIT_PACKAGE= Yes
Index: net/dictd/patches/patch-dictd_c
===================================================================
RCS file: net/dictd/patches/patch-dictd_c
diff -N net/dictd/patches/patch-dictd_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/dictd/patches/patch-dictd_c 26 Oct 2023 19:34:14 -0000
@@ -0,0 +1,17 @@
+use dedicated _dictd user/group
+
+Index: dictd.c
+--- dictd.c.orig
++++ dictd.c
+@@ -1269,9 +1272,9 @@ static void release_root_privileges( void )
+ if (geteuid() == 0) {
+ struct passwd *pwd;
+
+- if ((pwd = getpwnam("dictd"))) {
++ if ((pwd = getpwnam("_dictd"))) {
+ setgid(pwd->pw_gid);
+- initgroups("dictd",pwd->pw_gid);
++ initgroups("_dictd",pwd->pw_gid);
+ setuid(pwd->pw_uid);
+ } else if ((pwd = getpwnam("nobody"))) {
+ setgid(pwd->pw_gid);
Index: net/dictd/pkg/PLIST-server
===================================================================
RCS file: /cvs/ports/net/dictd/pkg/PLIST-server,v
diff -u -p -r1.3 PLIST-server
--- net/dictd/pkg/PLIST-server 26 Oct 2023 16:49:27 -0000 1.3
+++ net/dictd/pkg/PLIST-server 26 Oct 2023 19:25:08 -0000
@@ -1,3 +1,6 @@
+@newgroup _dictd:522
+@newuser _dictd:522:_dictd::dictd Account:/nonexistent:/sbin/nologin
+@rcscript ${RCDIR}/dictd
bin/colorit
bin/dictdplugin-config
@bin bin/dictfmt
Index: net/dictd/pkg/dictd.rc
===================================================================
RCS file: net/dictd/pkg/dictd.rc
diff -N net/dictd/pkg/dictd.rc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/dictd/pkg/dictd.rc 26 Oct 2023 16:59:24 -0000
@@ -0,0 +1,10 @@
+#!/bin/ksh
+
+daemon="/usr/local/sbin/dictd"
+daemon_args="--listen-to localhost"
+
+. /etc/rc.d/rc.subr
+
+pexp="${daemon##*/} ${V_REGEX}: [0-9]+/[0-9]+"
+
+rc_cmd $1
