On Thu, May 26, 2016 at 11:39:13PM +0100, Stuart Henderson wrote: > > > > The GeoIP Update program performs automatic updates of GeoIP2 and GeoIP > > Legacy binary databases. > > here are some bits on top; > > - @sample the config file > - patch config to use the directory net/GeoIP is already using > (these "updated at runtime" things shouldn't update in /usr/local) > - patch to make it easier for free users (commercial users have an > online config generator page anyway)
I checked your patch and everything looks good to me, thanks for your input. > but I think maybe we should also add shepherd users towards running it > as a non-root user by previding a separate uid to own /var/db/GeoIP files .. That makes sense. So if I picture things correctly, that would mean something in those lines: 1) Adding a _geoip user/group in /usr/ports/infrastructure/db/user.list 2) Tweak net/GeoIP and net/libmaxminddb to add @newgroup and @newuser directives in PLIST to effectively create user/group, set @user and @group to _geoip, and lastly use @mode 660 so any users in the group _geoip can run the geoipupdate program Is that what you had in mind?
