[Bug 265230] sysutils/nomad: pkg install creates default datadir with insecure permissions

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 15 Jul 2022 09:00:12 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265230

            Bug ID: 265230
           Summary: sysutils/nomad: pkg install creates default datadir
                    with insecure permissions
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: jhixson@FreeBSD.org
          Reporter: grembo@FreeBSD.org
             Flags: maintainer-feedback?(jhixson@FreeBSD.org)

Created attachment 235266
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=235266&action=edit
Change homedir of nomad user to /nonexistent

Since bug #264425, nomad only starts if its datadir has secure permissions
(700).
The port's default datadir is /var/tmp/nomad, which also happens to be its
user's home directory. Therefore installing the package always creates a
default datadir with permissions too loose to actually start the service.

I see various options to correct this:
1. Change port installation to change permissions of /var/tmp/nomad
   (not so nice)
2. Change data dir to be under /var/tmp/nomad, e.g., /var/tmp/nomad/data
   Clean, but might cause breakage on update
3. Change home of nomad user to /nonexistent

As far as I can tell, 3. has the least impact (other HashiCorp users like vault
do the same). So the attached patch changes UIDs to change nomad's homedir.

I ran some local tests with it and things seem to be fine. So unless there was
a very specific reason to have a real HOME for the nomad user, I would suggest
going with the attached patch.

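
Added example, not part of the bug report or the port: a shell audit of the two conditions the report describes, a datadir whose mode is not 700 and a datadir that doubles as the service user's home directory. The function names, UID/GID 9999 and the scratch paths are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the port). All paths, the UID/GID and the passwd
# lines below are constructed sample data.

# Octal permission bits of a path: GNU stat first, BSD stat as fallback.
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Home directory (field 6) of user $1 in passwd-format file $2.
passwd_home() {
    awk -F: -v u="$1" '$1 == u { print $6; exit }' "$2"
}

# audit USER DATADIR PASSWD_FILE: prints findings, returns 0 only when the
# datadir is mode 700 and is not the service user's home directory.
audit() {
    rc=0
    if [ ! -d "$2" ]; then
        echo "FAIL: $2 is not a directory"; return 1
    fi
    mode=$(dir_mode "$2")
    if [ "$mode" != "700" ]; then
        echo "FAIL: $2 has mode $mode, expected 700"; rc=1
    fi
    if [ "$(passwd_home "$1" "$3")" = "$2" ]; then
        echo "WARN: $2 is also the home directory of $1"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $2 is private and not a home directory"
    return "$rc"
}

# Constructed demo in a scratch directory: state after pkg install, then
# after the home directory is moved to /nonexistent and the mode tightened.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/nomad" && chmod 755 "$tmp/nomad"
    echo "nomad:*:9999:9999:Nomad Daemon:$tmp/nomad:/usr/sbin/nologin" > "$tmp/before"
    echo "nomad:*:9999:9999:Nomad Daemon:/nonexistent:/usr/sbin/nologin" > "$tmp/after"
    audit nomad "$tmp/nomad" "$tmp/before" || echo "-> nomad would refuse this datadir"
    chmod 700 "$tmp/nomad"
    audit nomad "$tmp/nomad" "$tmp/after"
    rm -rf "$tmp"
}
demo
```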