Re: [OpenWrt-Devel] user and group for portmap

[Florian Fainelli]

On Thursday 04 October 2012 14:55:47 Peter Wagner wrote:
 Instead of running portmap together with dnsmasq in the nobody group, 
portmap should get it's
 own group/user called rpc. This patch adds the group/user.
 
 Signed-off-by: Peter Wagner tripo...@gmx.at

Why would we need that? Considering that an OpenWrt system is not exactly 
following the usual Linux desktop conventions regarding privilege separation 
in user and groups, do we need to add specific group for portmap?
--
Florian

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] user and group for portmap

[Peter Wagner]

Instead of running portmap together with dnsmasq in the nobody group, portmap 
should get it's
own group/user called rpc. This patch adds the group/user.

Signed-off-by: Peter Wagner tripo...@gmx.atdiff --git a/net/portmap/Makefile b/net/portmap/Makefile
index 70499aa..3e8ae80 100644
--- a/net/portmap/Makefile
+++ b/net/portmap/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=portmap
 PKG_VERSION:=6.0
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
 PKG_SOURCE_URL:=http://neil.brown.name/portmap/
@@ -34,7 +34,7 @@ endef
 
 MAKE_FLAGS += \
 	CFLAGS=$(TARGET_CFLAGS) $(TARGET_CPPFLAGS) -DHOSTS_ACCESS -DFACILITY=LOG_DAEMON -DIGNORE_SIGCHLD \
-	RPCUSER=nobody \
+	RPCUSER=rpc \
 	LDLIBS=$(TARGET_LDFLAGS) -lwrap $(LIBRPC) \
 	all
 
diff --git a/net/portmap/files/portmap.init b/net/portmap/files/portmap.init
index e73701c..c57541e 100644
--- a/net/portmap/files/portmap.init
+++ b/net/portmap/files/portmap.init
@@ -5,6 +5,9 @@ START=19
 STOP=19
 
 start() {
+	user_exists rpc 65533 || user_add rpc 65533 65533 rpc /var/empty
+	group_exists rpc 65533 || group_add rpc 65533
+	
 	service_start /usr/sbin/portmap
 }
 
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel