svn commit: r467046 - in branches/2018Q2/net-mgmt/py-pdagent: . files
Mark Felder
feld at FreeBSD.org
Wed Apr 11 13:01:28 UTC 2018
Author: feld
Date: Wed Apr 11 13:01:27 2018
New Revision: 467046
URL: https://svnweb.freebsd.org/changeset/ports/467046
Log:
MFH: r466569 r466572
net-mgmt/py-pdagent: Add dedicated user/group
- Also add pkg-message informing how to permit users and services access
net/py-pdagent: Further increase security
Limit access to alert data files which could hold sensitive information
PR: 227273
Added:
branches/2018Q2/net-mgmt/py-pdagent/pkg-message
- copied unchanged from r466569, head/net-mgmt/py-pdagent/pkg-message
Modified:
branches/2018Q2/net-mgmt/py-pdagent/Makefile
branches/2018Q2/net-mgmt/py-pdagent/files/pdagentd.in
Directory Properties:
branches/2018Q2/ (props changed)
Modified: branches/2018Q2/net-mgmt/py-pdagent/Makefile
==============================================================================
--- branches/2018Q2/net-mgmt/py-pdagent/Makefile Wed Apr 11 12:45:34 2018 (r467045)
+++ branches/2018Q2/net-mgmt/py-pdagent/Makefile Wed Apr 11 13:01:27 2018 (r467046)
@@ -4,6 +4,7 @@
PORTNAME= pdagent
PORTVERSION= 1.4
DISTVERSIONPREFIX=v
+PORTREVISION= 2
CATEGORIES= net-mgmt python
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
@@ -25,6 +26,9 @@ GH_ACCOUNT= PagerDuty
SUB_LIST+= PYTHON_CMD="${PYTHON_CMD}"
BINFILES= pd-queue pd-send pdagentd.py
+
+USERS= pdagent
+GROUPS= pdagent
do-patch:
${REINPLACE_CMD} -e 's|/var/lib/pdagent|/var/db/pdagent|' -e 's|/etc|${ETCDIR}|' ${WRKSRC}/pdagent/confdirs.py
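Review bot: The new USERS= pdagent and GROUPS= pdagent lines rely on matching pdagent entries in the tree-wide UIDs and GIDs files, and this merge only touches net-mgmt/py-pdagent (Makefile, files/pdagentd.in, pkg-message). Please confirm those entries are already present on branches/2018Q2. If they are not, merge the revision that added them together with this one.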
Modified: branches/2018Q2/net-mgmt/py-pdagent/files/pdagentd.in
==============================================================================
--- branches/2018Q2/net-mgmt/py-pdagent/files/pdagentd.in Wed Apr 11 12:45:34 2018 (r467045)
+++ branches/2018Q2/net-mgmt/py-pdagent/files/pdagentd.in Wed Apr 11 13:01:27 2018 (r467046)
@@ -20,8 +20,8 @@ rcvar=pdagentd_enable
load_rc_config $name
: ${pdagentd_enable="NO"}
-: ${pdagentd_user:="nobody"}
-: ${pdagentd_group:="nogroup"}
+: ${pdagentd_user:="pdagent"}
+: ${pdagentd_group:="pdagent"}
pidfile="/var/run/pdagent/pdagentd.pid"
command="%%PREFIX%%/bin/pdagentd.py"
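Review bot: The new pdagentd_user and pdagentd_group defaults silently switch every existing install that never set these in rc.conf from nobody/nogroup to pdagent/pdagent, and nothing in the commit tells the operator. The pkg-message only covers group membership, so consider adding a line there about the account change. That way anyone who granted access via nobody or nogroup, or who has monitoring keyed on those names, knows to update it.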
@@ -34,15 +34,13 @@ pdagent_mkdirs="/var/db/pdagent /var/db/pdagent/outque
pdagentd_precmd()
{
for i in ${pdagent_mkdirs}; do
- install -d -o ${pdagentd_user} -g ${pdagentd_group} -m 775 ${i}
+ install -d -o ${pdagentd_user} -g ${pdagentd_group} -m 770 ${i}
done
- if [ ! -d /var/log/pdagent ]; then
- install -d -o ${pdagentd_user} /var/log/pdagent
- fi
- if [ ! -d /var/run/pdagent ]; then
- install -d -o ${pdagentd_user} /var/run/pdagent
- fi
+ chown -R ${pdagentd_user}:${pdagentd_group} /var/db/pdagent
+
+ install -d -o ${pdagentd_user} /var/log/pdagent
+ install -d -o ${pdagentd_user} /var/run/pdagent
}
run_rc_command "$1"
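Review bot: The added chown -R ${pdagentd_user}:${pdagentd_group} /var/db/pdagent runs as root on every service start over a tree that is writable by all members of the pdagent group (mode 770), so root ends up re-owning whatever a group member has placed there. The loop already sets owner and group on each directory in pdagent_mkdirs, so prefer a one-time migration of the old nobody-owned files (for example from a pkg upgrade script) over a recursive chown in precmd. Separately, the two install -d calls for /var/log/pdagent and /var/run/pdagent pass neither -g nor -m, so those directories keep the default mode and are not restricted like the data directories. If the logs can carry alert content, add -g ${pdagentd_group} -m 750 there. The variable expansions in this function are also unquoted.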
Copied: branches/2018Q2/net-mgmt/py-pdagent/pkg-message (from r466569, head/net-mgmt/py-pdagent/pkg-message)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2018Q2/net-mgmt/py-pdagent/pkg-message Wed Apr 11 13:01:27 2018 (r467046, copy of r466569, head/net-mgmt/py-pdagent/pkg-message)
@@ -0,0 +1,6 @@
+!!! NOTICE !!!
+
+You must add the required users and service accounts to the pdagent
+group to permit write access to /var/db/pdagent.
+
+!!! NOTICE !!!
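Review bot: The message text on lines 3-4 speaks only of write access, but with the directories in pdagentd.in going from mode 775 to 770, accounts outside the pdagent group lose read and traversal on /var/db/pdagent as well. Say so explicitly, and include the command an operator would run, for example pw groupmod pdagent -m <user>, so the notice is actionable without a lookup.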