Hi.

This diff makes rsync use "_rsync" as the default user instead of "nobody".
It's been lightly tested by naddy and myself, but could use more
eyes/tests/comments ...

Thanks.

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/rsync/Makefile,v
retrieving revision 1.61
diff -u -u -r1.61 Makefile
--- Makefile    27 Mar 2011 17:16:47 -0000      1.61
+++ Makefile    29 Mar 2011 07:28:10 -0000
@@ -6,13 +6,16 @@
 CATEGORIES =   net
 HOMEPAGE =     http://rsync.samba.org/
 
+REVISION =     0
+
 MAINTAINER =   Marc Espie <es...@openbsd.org>
 
-# GPL
+# GPLv3
 PERMIT_PACKAGE_CDROM = Yes
 PERMIT_PACKAGE_FTP =   Yes
 PERMIT_DISTFILES_CDROM =Yes
 PERMIT_DISTFILES_FTP = Yes
+
 WANTLIB =              c
 
 MASTER_SITES = ftp://ftp.samba.org/pub/rsync/ \
@@ -24,7 +27,8 @@
 CONFIGURE_STYLE =gnu
 CONFIGURE_ARGS =--with-included-popt \
                --with-rsyncd-conf="${SYSCONFDIR}/rsyncd.conf" \
-               --with-rsh="ssh -T"
+               --with-rsh="ssh -T" \
+               --with-nobody-group=_rsync
 
 DOCDIR =       ${PREFIX}/share/doc/rsync
 USE_GROFF =    Yes
Index: patches/patch-authenticate_c
===================================================================
RCS file: patches/patch-authenticate_c
diff -N patches/patch-authenticate_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-authenticate_c        29 Mar 2011 07:28:10 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- authenticate.c.orig        Mon Mar 28 13:59:40 2011
++++ authenticate.c     Mon Mar 28 13:59:55 2011
+@@ -291,7 +291,7 @@ void auth_client(int fd, const char *user, const char 
+       char pass2[MAX_DIGEST_LEN*2];
+ 
+       if (!user || !*user)
+-              user = "nobody";
++              user = "_rsync";
+ 
+       if (!(pass = getpassf(password_file))
+        && !(pass = getenv("RSYNC_PASSWORD"))) {
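Review bot: The `user` fallback changed here is the login name the client offers to a remote rsync daemon for authentication (the lines right after it fetch the password from `password_file` or `RSYNC_PASSWORD`), which is a different thing from the local account the daemon drops privileges to. Sending `_rsync` instead of `nobody` presumably only changes which name the remote side looks up, and a daemon on another system has no reason to know that name. This hunk, and the matching USER/LOGNAME sentence in patches/patch-rsync_1, therefore look like they should stay at upstream's value. If the change is intended, a comment such as `/* auth name sent to the daemon, not a local account */` would keep the two notions apart. auth_client's body starts and ends outside the hunk.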
Index: patches/patch-clientserver_c
===================================================================
RCS file: patches/patch-clientserver_c
diff -N patches/patch-clientserver_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-clientserver_c        29 Mar 2011 07:28:10 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+--- clientserver.c.orig        Mon Mar 28 14:28:49 2011
++++ clientserver.c     Mon Mar 28 14:29:08 2011
+@@ -413,8 +413,8 @@ static int rsync_module(int f_in, int f_out, int i, ch
+       int argc;
+       char **argv, **orig_argv, **orig_early_argv, *module_chdir;
+       char line[BIGPATHBUFLEN];
+-      uid_t uid = (uid_t)-2;  /* canonically "nobody" */
+-      gid_t gid = (gid_t)-2;
++      uid_t uid = (uid_t)669;  /* canonically "_rsync" */
++      gid_t gid = (gid_t)669;
+       char *p, *err_msg = NULL;
+       char *name = lp_name(i);
+       int use_chroot = lp_use_chroot(i);
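Review bot: The initialisers `(uid_t)669` and `(gid_t)669` duplicate the numeric id that pkg/PLIST assigns with `@newuser _rsync:669`, so the same identity is now stated here, in `NOBODY_USER` in configure.sh and in the PLIST, with nothing tying the three together. If the account is ever renumbered, or the binary runs on a system where 669 belongs to something else, a module that falls back to these defaults would drop privileges to an unrelated identity. Whether that fallback is reachable depends on code outside the hunk. Consider a named constant, or at minimum reword the comment to `/* _rsync, must match @newuser in pkg/PLIST */`, since 669 is a port-assigned id rather than a canonical one. rsync_module's body continues outside the hunk.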
Index: patches/patch-configure_sh
===================================================================
RCS file: patches/patch-configure_sh
diff -N patches/patch-configure_sh
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-configure_sh  29 Mar 2011 07:28:10 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- configure.sh.orig  Mon Mar 28 13:58:00 2011
++++ configure.sh       Mon Mar 28 13:59:13 2011
+@@ -4210,7 +4210,7 @@ fi
+ 
+ 
+ cat >>confdefs.h <<_ACEOF
+-#define NOBODY_USER "nobody"
++#define NOBODY_USER "_rsync"
+ _ACEOF
+ 
+ 
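Review bot: `NOBODY_USER` is changed by editing the `confdefs.h` here-document at a fixed offset in configure.sh, while the group is set through `--with-nobody-group=_rsync` in the Makefile, so the two halves of one setting are maintained by different mechanisms. Someone updating the port can refresh one and miss the other, leaving the default user and group pointing at different accounts. A comment next to CONFIGURE_ARGS in the port Makefile, for example `# default user is set in patches/patch-configure_sh`, would make the split visible.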
Index: patches/patch-rsync_1
===================================================================
RCS file: patches/patch-rsync_1
diff -N patches/patch-rsync_1
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-rsync_1       29 Mar 2011 07:28:10 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- rsync.1.orig       Mon Mar 28 13:57:27 2011
++++ rsync.1    Mon Mar 28 13:57:35 2011
+@@ -3465,7 +3465,7 @@ consult the remote shell\(cq\&s documentation.
+ .IP "\fBUSER\fP or \fBLOGNAME\fP"
+ The USER or LOGNAME environment variables
+ are used to determine the default username sent to an rsync daemon.
+-If neither is set, the username defaults to \(dq\&nobody\(dq\&.
++If neither is set, the username defaults to \(dq\&_rsync\(dq\&.
+ .IP "\fBHOME\fP"
+ The HOME environment variable is used to find the user\(cq\&s
+ default .cvsignore file.
Index: patches/patch-rsyncd_conf_5
===================================================================
RCS file: /cvs/ports/net/rsync/patches/patch-rsyncd_conf_5,v
retrieving revision 1.1
diff -u -u -r1.1 patch-rsyncd_conf_5
--- patches/patch-rsyncd_conf_5 7 Mar 2011 19:48:20 -0000       1.1
+++ patches/patch-rsyncd_conf_5 29 Mar 2011 07:28:10 -0000
@@ -1,6 +1,6 @@
 $OpenBSD: patch-rsyncd_conf_5,v 1.1 2011/03/07 19:48:20 ajacoutot Exp $
---- rsyncd.conf.5.orig Thu Dec 31 22:15:51 2009
-+++ rsyncd.conf.5      Tue Feb 22 11:22:44 2011
+--- rsyncd.conf.5.orig Sat Mar 26 22:37:52 2011
++++ rsyncd.conf.5      Mon Mar 28 14:31:04 2011
 @@ -67,12 +67,11 @@ When run via inetd you should add a line like this to 
  and a single line something like this to /etc/inetd.conf:
  .PP 
@@ -16,6 +16,25 @@
  reread its config file.
  .PP 
  Note that you should \fBnot\fP send the rsync daemon a HUP signal to force
+@@ -341,14 +340,14 @@ for modules to be listable.
+ This parameter specifies the user name or user ID that
+ file transfers to and from that module should take place as when the daemon
+ was run as root. In combination with the \(dq\&gid\(dq\& parameter this 
determines what
+-file permissions are available. The default is uid \-2, which is normally
+-the user \(dq\&nobody\(dq\&.
++file permissions are available. The default is uid 669, which is normally
++the user \(dq\&_rsync\(dq\&.
+ .IP 
+ .IP "\fBgid\fP"
+ This parameter specifies the group name or group ID that
+ file transfers to and from that module should take place as when the daemon
+-was run as root. This complements the \(dq\&uid\(dq\& parameter. The default 
is gid \-2,
+-which is normally the group \(dq\&nobody\(dq\&.
++was run as root. This complements the \(dq\&uid\(dq\& parameter. The default 
is gid 669,
++which is normally the group \(dq\&_rsync\(dq\&.
+ .IP 
+ .IP "\fBfake super\fP"
+ Setting \(dq\&fake super = yes\(dq\& for a module causes the
 @@ -460,7 +459,7 @@ limit the length of passwords that can be typed at the
  you may find that passwords longer than 8 characters don\(cq\&t work.
  .IP 
@@ -25,6 +44,17 @@
  by \(dq\&other\(dq\&; see \(dq\&strict modes\(dq\&.
  .IP 
  .IP "\fBstrict modes\fP"
+@@ -758,8 +757,8 @@ A more sophisticated example would be:
+ .PP 
+ .nf 
+ 
+-uid = nobody
+-gid = nobody
++uid = _rsync
++gid = _rsync
+ use chroot = yes
+ max connections = 4
+ syslog facility = local5
 @@ -785,12 +784,12 @@ pid file = /var/run/rsyncd.pid
          path = /data/cvs
          comment = CVS repository (requires authentication)
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/rsync/pkg/PLIST,v
retrieving revision 1.11
diff -u -u -r1.11 PLIST
--- pkg/PLIST   6 Jan 2009 16:34:34 -0000       1.11
+++ pkg/PLIST   29 Mar 2011 07:28:10 -0000
@@ -1,8 +1,9 @@
 @comment $OpenBSD: PLIST,v 1.11 2009/01/06 16:34:34 naddy Exp $
+@newgroup _rsync:669
+@newuser _rsync:669:_rsync:daemon:rsync Daemon:/var/empty:/sbin/nologin
 @bin bin/rsync
 @man man/man1/rsync.1
 @man man/man5/rsyncd.conf.5
 share/doc/rsync/
 share/doc/rsync/tech_report.tex
-@cwd ${SYSCONFDIR}
-@extra rsyncd.conf
+@extra ${SYSCONFDIR}/rsyncd.conf
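Review bot: The `@newgroup`/`@newuser` lines claim id 669, but nothing in this diff shows that id being reserved in the ports tree's uid/gid registry, so a collision with another port cannot be ruled out from here. The account itself is restricted sensibly (`/var/empty` home, `/sbin/nologin` shell). Existing installations also deserve an upgrade note: modules that relied on the old default will now run as `_rsync`, so files previously created by `nobody` in writable modules may stop being writable until ownership is adjusted or `uid`/`gid` are set explicitly in rsyncd.conf.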

-- 
Antoine
