On Wed, Jun 26, 2019 at 05:29:14PM +0200, Joel Carnat wrote:
> Hello,
>
> I've just installed sysutils/monit on some new server and noticed there
> were no dedicated user created to run the daemon.
>
> I already run it as non-root on serveral servers. So I know it works.
> Note that there are cases (service restart for example) that require
> configuring doas rules. But once done, everything runs ok.
>
> If you think that's ok, here's a patch to create a dedicated user.
> Inspired from net/openvpn port.
>
> Regards,
> Jo
> --- infrastructure/db/user.list.orig Wed Jun 26 17:04:43 2019
> +++ infrastructure/db/user.list Wed Jun 26 17:06:41 2019
> @@ -348,2 +348,3 @@
> 837 _thingsd _thingsd net/thingsd
> 838 _i2pd _i2pd net/i2pd
> +839 _monit _monit sysutils/monit
>
> --- sysutils/monit/pkg/PLIST.orig Wed May 1 21:21:57 2019
> +++ sysutils/monit/pkg/PLIST Wed Jun 26 17:14:10 2019
> @@ -1,3 +1,5 @@
> @comment $OpenBSD: PLIST,v 1.11 2019/05/01 19:21:57 landry Exp $
> +@newgroup _monit:839
> +@newuser _monit:839:_monit:daemon:Monit Daemon:/var/monit:/sbin/nologin
Can't we use /nonexistent for HOME like most other daemons do?
> @rcscript ${RCDIR}/monit
> @bin bin/monit
--
Antoine
