This update addresses a couple of issues:
1) Rather than blindly overwriting existing users, UIDs, and GIDs, the
'update-passwd' script checks whether they exist.
If the username is present, I have assumed that Fink should normally be
able to use that user, since we don't ever use the numeric UIDs and GIDs.
If the UID and/or GID is in use, update-passwd gives a message which
says so and tells the user to edit passwd-fink and/or group-fink
appropriately.
2) I've removed the "dovecot" user, since Apple provides one for 10.6
and later.
--
Alexander Hansen, Ph.D.
Fink User Liaison
My package updates: http://finkakh.wordpress.com/
diff -Nurd null/README passwd/README
--- null/README 1969-12-31 17:00:00.000000000 -0700
+++ passwd/README 2012-07-27 15:28:04.000000000 -0700
@@ -0,0 +1,9 @@
+Passwd-core package for the Fink Project
+http://www.finkproject.org/
+
+The package passwd-core and it's associated splitoffs
+are in the Public Domain.
+
+This package adds several administrative user and group entries to
+your user database. These are needed to protect the data of several
+daemons (e.g. news server, database server).
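Review bot: "it's associated splitoffs" in the licence sentence of the README should be the possessive "its associated splitoffs". Worth fixing now, since this text is installed as a DocFile by every splitoff.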
diff -Nurd null/group-fink passwd/group-fink
--- null/group-fink 1969-12-31 17:00:00.000000000 -0700
+++ passwd/group-fink 2012-07-27 15:28:53.000000000 -0700
@@ -0,0 +1,36 @@
+#
+# Fink group additions
+#
+# IDs are in the range 250..299
+#
+# commented out entries are provided by the system and assumed by fink
+#
+#lp:*:26:
+#postfix:*:27:
+#postdrop:*:28:
+#qtss:*:76:
+#mailman:*:78:
+#clamav:*:82:
+#jabber:*:84:
+
+news:*:250:news
+postgres:*:252:postgres
+games:*:253:games
+canna:*:254:canna
+maildrop:*:256:maildrop
+tomcat:*:257:tomcat
+opennms:*:259:opennms
+distcc:*:262:distcc,root
+messagebus:*:263:messagebus
+icecast:*:264:icecast
+gdm:*:265:gdm
+#fink-bld:*:266:fink-bld
+ossec:*:267:ossec,ossecm,ossece,ossecr
+rt:*:271:rt
+#dovecot:*:272:dovecot
+haldaemon:*:273:haldaemon
+avahi:*:274:avahi
+# nagios used by nagios or icinga
+nagios:*:275:nagios
+# amqp used by rabbitmq-server
+amqp:*:276:amqp
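Review bot: the maildrop group (GID 256) lists maildrop as its member, but neither passwd-fink nor passwd-fink.in in this patch has a maildrop user line. With the passwd-maildrop splitoff calling update-passwd, merge_user_info would find nothing to create and the group would be created with a member that does not exist. Either add a maildrop entry (UID 256) to the passwd template or drop the member from this line.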
diff -Nurd null/passwd-fink passwd/passwd-fink
--- null/passwd-fink 1969-12-31 17:00:00.000000000 -0700
+++ passwd/passwd-fink 2012-07-27 15:30:04.000000000 -0700
@@ -0,0 +1,40 @@
+#
+# Fink passwd additions
+#
+# IDs are in the range 250..299
+#
+# commented out entries are provided by the system and assumed by fink
+#
+# note that the cyrusimap user was previously called cyrus by fink
+#
+#lp:*:26:26::0:0:Printing Services:/var/spool/cups:/dev/null
+#postfix:*:27:27::0:0:postfix:/var/spool/postfix:/bin/false
+#eppc:*:71:71::0:0:Apple Events User:/var/empty:/usr/bin/false
+#qtss:*:76:76::0:0:QuickTime Streaming Server:/var/empty:/usr/bin/false
+#cyrusimap:*:77:6::0:0:Cyrus User:/var/imap:/usr/bin/false
+#mailman:*:78:78::0:0:Mailman user:/var/empty:/usr/bin/false
+#appserver:*:79:79::0:0:Application Server:/var/empty:/usr/bin/false
+#clamav:*:82:82::0:0:Clamav User:/var/virusmails:/bin/tcsh
+#jabber:*:84:84::0:0:Jabber User:/var/empty:/usr/bin/false
+
+news:*:250:250::0:0:News Server:/dev/null:/dev/null
+postgres:*:252:252::0:0:PostgreSQL Database Server:/var/empty:/dev/null
+games:*:253:253::0:0:Game Files Owner:/dev/null:/dev/null
+canna:*:254:254::0:0:Canna Japanese Input Server:/dev/null:/dev/null
+tomcat:*:257:257::0:0:Tomcat Servlet Engine:/sw/var/empty:/usr/bin/false
+opennms:*:259:259::0:0:OpenNMS Network Management:/sw/var/opennms:/dev/null
+distcc:*:262:262::0:0:distcc daemon,,,:/sw/var/spool/distcc:/dev/null
+messagebus:*:263:263::0:0:messagebus (dbus)
daemon,,,:/sw/var/run/dbus:/dev/null
+icecast:*:264:264::0:0:Icecast Server:/var/empty:/usr/bin/false
+gdm:*:265:265::0:0:gdm Login GUI priv-sep:/var/empty:/usr/bin/false
+#fink-bld:*:266:266::0:0:Fink Build System:/var/empty:/usr/bin/false
+ossec:*:267:267::0:0:OSSec HIDS Monitor Daemon:/sw/var/ossec:/usr/bin/false
+ossecm:*:268:267::0:0:OSSec HIDS Mail Daemon:/sw/var/ossec:/usr/bin/false
+ossece:*:269:267::0:0:OSSec HIDS Daemon:/sw/var/ossec:/usr/bin/false
+ossecr:*:270:267::0:0:OSSec HIDS Remote Daemon:/sw/var/ossec:/usr/bin/false
+rt:*:271:271::0:0:Request Tracker:/dev/null:/dev/null
+#dovecot:*:272:272::0:0:Dovecot IMAP Server Daemon:/dev/null:/dev/null
+haldaemon:*:273:273::0:0:Hardware Abstraction Layer Daemon:/dev/null:/dev/null
+avahi:*:274:274::0:0:Service Discovery Daemon:/dev/null:/dev/null
+nagios:*:275:275::0:0:Nagios and Icinga Monitoring Daemon:/dev/null:/dev/null
+amqp:*:276:276::0:0:AMQP Messaging Daemon:/dev/null:/dev/null
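Review bot: the home directories for tomcat, opennms, distcc, messagebus and the four ossec users hard-code /sw here, which makes this file a pre-expanded copy of passwd-fink.in. The CompileScript in the package description regenerates passwd-fink from passwd-fink.in with sed, so this copy is overwritten at build time and would be wrong for any prefix other than /sw. Suggest dropping passwd-fink from the patch and shipping only the .in template.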
diff -Nurd null/passwd-fink.in passwd/passwd-fink.in
--- null/passwd-fink.in 1969-12-31 17:00:00.000000000 -0700
+++ passwd/passwd-fink.in 2012-07-27 15:28:04.000000000 -0700
@@ -0,0 +1,40 @@
+#
+# Fink passwd additions
+#
+# IDs are in the range 250..299
+#
+# commented out entries are provided by the system and assumed by fink
+#
+# note that the cyrusimap user was previously called cyrus by fink
+#
+#lp:*:26:26::0:0:Printing Services:/var/spool/cups:/dev/null
+#postfix:*:27:27::0:0:postfix:/var/spool/postfix:/bin/false
+#eppc:*:71:71::0:0:Apple Events User:/var/empty:/usr/bin/false
+#qtss:*:76:76::0:0:QuickTime Streaming Server:/var/empty:/usr/bin/false
+#cyrusimap:*:77:6::0:0:Cyrus User:/var/imap:/usr/bin/false
+#mailman:*:78:78::0:0:Mailman user:/var/empty:/usr/bin/false
+#appserver:*:79:79::0:0:Application Server:/var/empty:/usr/bin/false
+#clamav:*:82:82::0:0:Clamav User:/var/virusmails:/bin/tcsh
+#jabber:*:84:84::0:0:Jabber User:/var/empty:/usr/bin/false
+
+news:*:250:250::0:0:News Server:/dev/null:/dev/null
+postgres:*:252:252::0:0:PostgreSQL Database Server:/var/empty:/dev/null
+games:*:253:253::0:0:Game Files Owner:/dev/null:/dev/null
+canna:*:254:254::0:0:Canna Japanese Input Server:/dev/null:/dev/null
+tomcat:*:257:257::0:0:Tomcat Servlet Engine:@PREFIX@/var/empty:/usr/bin/false
+opennms:*:259:259::0:0:OpenNMS Network
Management:@PREFIX@/var/opennms:/dev/null
+distcc:*:262:262::0:0:distcc daemon,,,:@PREFIX@/var/spool/distcc:/dev/null
+messagebus:*:263:263::0:0:messagebus (dbus)
daemon,,,:@PREFIX@/var/run/dbus:/dev/null
+icecast:*:264:264::0:0:Icecast Server:/var/empty:/usr/bin/false
+gdm:*:265:265::0:0:gdm Login GUI priv-sep:/var/empty:/usr/bin/false
+#fink-bld:*:266:266::0:0:Fink Build System:/var/empty:/usr/bin/false
+ossec:*:267:267::0:0:OSSec HIDS Monitor
Daemon:@PREFIX@/var/ossec:/usr/bin/false
+ossecm:*:268:267::0:0:OSSec HIDS Mail Daemon:@PREFIX@/var/ossec:/usr/bin/false
+ossece:*:269:267::0:0:OSSec HIDS Daemon:@PREFIX@/var/ossec:/usr/bin/false
+ossecr:*:270:267::0:0:OSSec HIDS Remote
Daemon:@PREFIX@/var/ossec:/usr/bin/false
+rt:*:271:271::0:0:Request Tracker:/dev/null:/dev/null
+dovecot:*:272:272::0:0:Dovecot IMAP Server Daemon:/dev/null:/dev/null
+haldaemon:*:273:273::0:0:Hardware Abstraction Layer Daemon:/dev/null:/dev/null
+avahi:*:274:274::0:0:Service Discovery Daemon:/dev/null:/dev/null
+nagios:*:275:275::0:0:Nagios and Icinga Monitoring Daemon:/dev/null:/dev/null
+amqp:*:276:276::0:0:AMQP Messaging Daemon:/dev/null:/dev/null
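Review bot: the dovecot entry (UID 272) is still active in this template, while group-fink and the pre-expanded passwd-fink both comment it out and the passwd-dovecot splitoff is disabled. Because the installed passwd-fink is generated from this file, it would still carry the dovecot line, which contradicts the stated removal. Comment it out here as well so the three files agree.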
diff -Nurd null/update-passwd.in passwd/update-passwd.in
--- null/update-passwd.in 1969-12-31 17:00:00.000000000 -0700
+++ passwd/update-passwd.in 2012-07-27 15:29:56.000000000 -0700
@@ -0,0 +1,160 @@
+#!/bin/sh
+#
+# Merge Fink's passwd and group additions into NetInfo
+#
+
+if [ `id -u` -ne 0 ]; then
+ echo "You must be root to run update-passwd."
+ exit 1
+fi
+
+PREFIX=@PREFIX@
+
+merge_user_info() {
+ FILE="$1"
+ FINK_PASSWD_USER="$2"
+ case `uname -r` in
+ 8*)
+ niload passwd . <$FILE
+ ;;
+ *)
+ OIFS=$IFS
+ IFS=:
+ cat $FILE | grep $FINK_PASSWD_USER | while read name
passwd uid gid junk1 junk2 junk3 info home shell; do
+ idtest=`/usr/bin/id $uid 2>/dev/null`
+ if [ "x$idtest" = "x" ] ; then
+ dscl . create /users/$name
+ dscl . create /users/$name name $name
+ dscl . create /users/$name passwd '*'
+ dscl . create /users/$name hint ""
+ dscl . create /users/$name uid $uid
+ dscl . create /users/$name gid $gid
+ dscl . create /users/$name home "$home"
+ dscl . create /users/$name shell
"$shell"
+ dscl . create /users/$name realname
"$info"
+ dscl . delete /users/$name
AuthenticationAuthority
+ else
+ echo
+ echo "WARNING: UID $uid is in use by:"
+ echo
+ echo $idtest
+ echo
+ echo "I am not overwriting this."
+ echo "You will need to edit
$PREFIX/etc/passwd-fink manually"
+ echo "and set the UID entry for
$FINK_PASSWD_USER to an unused"
+ echo "value."
+ echo
+ fi
+ done
+ IFS=$OIFS
+ ;;
+ esac
+}
+
+merge_group_info() {
+ FILE="$1"
+ GROUP="$2"
+ case `uname -r` in
+ 8*)
+ niload group . <$FILE
+ ;;
+ *)
+ OIFS=$IFS
+ IFS=:
+ cat $FILE | grep $GROUP | while read name passwd gid
GroupMembership; do
+ gidtest=`dscl . list Groups PrimaryGroupID |
grep $gid`
+ if [ "x$gidtest" = "x" ] ; then
+ dscl . create /groups/$name
+ dscl . create /groups/$name name $name
+ dscl . create /groups/$name passwd '*'
+ dscl . create /groups/$name gid $gid
+ dscl . create /groups/$name
GroupMembership $GroupMembership
+ else
+ echo
+ echo "WARNING: GID $gid is in use by:"
+ echo
+ echo $gidtest
+ echo
+ echo "I am not overwriting this."
+ echo "You will need to edit
$PREFIX/etc/group-fink manually"
+ echo "and set the GID entry for
$FINK_PASSWD_USER to an unused"
+ echo "value."
+ echo
+ fi
+ done
+ IFS=$OIFS
+ ;;
+ esac
+}
+
+if [ ! $2 ]; then
+ echo "No user was specified to be added."
+ echo "update-passwd needs to know which user will be added to the
system."
+ exit 1
+fi
+
+if [ ! -f "$PREFIX/etc/passwd-fink" ]; then
+ echo "The file $PREFIX/etc/passwd-fink is missing."
+ echo "update-passwd can not continue without this file."
+ exit 1
+fi
+
+if [ ! -f "$PREFIX/etc/group-fink" ]; then
+ echo "The file $PREFIX/etc/group-fink is missing."
+ echo "update-passwd can not continue without this file."
+ exit 1
+fi
+
+USER=`echo $2 | /usr/bin/sed "s/^passwd-//"`
+
+echo
+echo "The following user entry will be added to your DirectoryServices
database:"
+grep $USER $PREFIX/etc/passwd-fink
+
+echo
+echo "The following group entry will be added to your DirectoryServices
database:"
+grep $USER $PREFIX/etc/group-fink
+
+echo
+if [ "x$1" = "xpostinst" ]; then
+ echo "Some Fink packages will not work unless these entries are in the"
+ echo "DirectoryServices database. Fink can use existing entries with"
+ echo "these names, however."
+ echo "You can also make any desired adjustments to the files"
+ echo "$PREFIX/etc/passwd-fink and $PREFIX/etc/group-fink"
+ echo "now (from another window), then say yes here."
+ echo "Or you can say no here and add the users and groups manually"
+ echo "(e.g. on your central Open Directory server)."
+ echo "If you don't know what all of this is about, just say yes."
+else
+ echo "Existing entries with these names or numbers will be overwritten
or"
+ echo "otherwise affected by this."
+fi
+/bin/echo "Do you want to continue? [Y/n] \c"
+read answer
+
+answer=`echo $answer | sed 's/^[yY].*$/y/'`
+
+
+if [ -z "$answer" -o "x$answer" = "xy" ]; then
+ echo
+ idcheck=`/usr/bin/id $USER 2>/dev/null`
+ if [ "x$idcheck" = "x" ]; then
+ echo "Merging user info..."
+ merge_user_info "$PREFIX/etc/passwd-fink" $USER
+ echo "Merging group info..."
+ merge_group_info "$PREFIX/etc/group-fink" $USER
+ echo "Done."
+ else
+ echo "$USER user exists, with parameters:"
+ echo
+ echo $idcheck
+ echo
+ echo "Fink will use that."
+ fi
+else
+ echo "Okay, not adding the entries."
+fi
+echo
+
+exit 0
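Review bot: the lookups in merge_user_info, merge_group_info and the confirmation prompt all use unanchored grep ($FINK_PASSWD_USER, $GROUP, $USER and `grep $gid`), so they match substrings and commented-out lines instead of one exact entry. `grep ossec` selects all four ossec* users, and the GID-in-use test `dscl . list Groups PrimaryGroupID | grep $gid` reports a collision for any group whose name or ID merely contains those digits. Suggest matching on the field, for example `grep "^$FINK_PASSWD_USER:"` against the files and an exact comparison on the PrimaryGroupID column for the GID check. Smaller points in the same file: the GID warning tells the admin to fix the entry for $FINK_PASSWD_USER where $GROUP is meant; when the user already exists the final block skips merge_group_info too, so a missing group is never created; and the non-postinst prompt still says existing entries "will be overwritten", which this script no longer does.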
Package: passwd-core
Version: 20100305
Revision: 6
BuildDepends: fink (>= 0.33.0)
Type: nosource
PatchFile: %n.patch
PatchFile-MD5: b0b376fe8a5b1facec5d44b013d28170
CompileScript: <<
sed 's|@PREFIX@|%p|g' <update-passwd.in >update-passwd
sed 's|@PREFIX@|%p|g' <passwd-fink.in >passwd-fink
<<
InstallScript: <<
mkdir -p %i/etc %i/sbin
install -c -m 644 passwd-fink %i/etc/
install -c -m 644 group-fink %i/etc/
install -c -m 755 update-passwd %i/sbin/
<<
SplitOff: <<
Package: passwd-news
Description: User and group entries for the news server
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff2: <<
Package: passwd-postgres
Description: User and group entries for the PostgreSQL database server
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff3: <<
Package: passwd-games
Description: User and group entries for the games-files owner
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff4: <<
Package: passwd-canna
Description: User and group entries for the Canna Japanese input server
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff5: <<
Package: passwd-maildrop
Description: User and group entries for the maildrop mail delivery agent
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff6: <<
Package: passwd-tomcat
Description: User and group entries for the Tomcat servlet engine
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff7: <<
Package: passwd-opennms
Description: User and group entries for OpenNMS network management
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff8: <<
Package: passwd-distcc
Description: User and group entries for the distcc daemon
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff9: <<
Package: passwd-messagebus
Description: User and group entries for the dbus daemon
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff10: <<
Package: passwd-icecast
Description: User and group entries for the Icecast server
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff11: <<
Package: passwd-gdm
Description: User and group entries for the gdm login GUI
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff12: <<
Package: passwd-fink-bld
Description: OBSOLETE User and group entries for the fink build system
RuntimeDepends: fink (>=0.33.0), fink-obsolete-packages
DocFiles: README
<<
SplitOff13: <<
Package: passwd-ossec
Description: User and group entries for the OSSec HIDS monitor daemon
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff14: <<
Package: passwd-rt
Description: User and group entries for Request Tracker
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
#SplitOff15: <<
# Package: passwd-dovecot
# Description: User and group entries for the Dovecot IMAP server daemon
# Depends: passwd-core (>= 20100305-1)
# DocFiles: README
# PostInstScript: <<
# %p/sbin/update-passwd postinst %n
# <<
#<<
SplitOff16: <<
Package: passwd-haldaemon
Description: User and group entries for the Hardware Abstraction Layer
Depends: passwd-core (>= 20100305-1)
Conflicts: passwd-haldeamon
Replaces: passwd-haldeamon
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff17: <<
Package: passwd-avahi
Description: User and group entries for the service-discovery daemon
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff18: <<
Package: passwd-nagios
Description: User and group entries for the Nagios/Icinga monitors
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
SplitOff19: <<
Package: passwd-amqp
Description: User and group entries for the AMQP messaging daemon
Depends: passwd-core (>= 20100305-1)
DocFiles: README
PostInstScript: <<
%p/sbin/update-passwd postinst %n
<<
<<
## More users can be added here as additional SplitOffN fields
## If a user becomes obsolete, that SplitOffN can be commented out
## as well as the corresponding entries in %p/etc/{passwd-fink,group-fink}
ConfFiles: %p/etc/passwd-fink %p/etc/group-fink
#
Description: User and group entries for daemons: core pkg
DescDetail: <<
This package adds several administrative user and group entries to
your user database. These are needed to protect the data of several
daemons (e.g. news server, database server).
<<
DescUsage: <<
Packages that require a specific user (@user@), should set Depends: on
'passwd-@user@'. Packages that currently depend on 'passwd' (the legacy
non-split package) can be upgraded at will to use their needed passwd-@user@
package.
<<
DescPackaging: <<
Each user:group is now controlled by a splitoff. Packages that require a specific
user should depend on 'passwd-@user@' and not on the base package 'passwd'.
<<
License: Public Domain
Maintainer: Fink Core Group <fink-c...@lists.sourceforge.net>