On 2023/05/21 12:49, panpansh wrote:
> Hi, trying this:
>
> chmod o-rx /usr/bin/ftp; groupadd g_fetch; usermod -G g_fetch _pkgfetch;
> chown root:g_fetch /usr/bin/ftp
>
> # pkg_add: can't exec /usr/bin/ftp: permission denied at
> /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 869
>
> # Of course, setting _pkgfetch as group owner of /usr/bin/ftp raises no error
> executing pkg_add. But it's restrictive and not the goal.

You don't mention what the goal is. But it's possible that it might be better solved by using PF "user" and/or "group" rules, which will also restrict network access from programs other than ftp (since there are a couple of other programs in base which would allow doing basically the same thing).
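
One pf.conf fragment for the PF "user" approach suggested above, added here as an example and not part of the original thread. It assumes the aim is that only pkg_add's fetch user, _pkgfetch, may open outbound HTTP/HTTPS connections from this host; the port list and the assumption that the host does not forward traffic for other machines are illustrative.

```pf
# Added example, not from the thread.
# Assumption: only _pkgfetch should reach web ports from this host.
# pf evaluates rules in order and the last matching rule wins,
# so the broad block comes first and the narrow pass follows it.

# Refuse outbound web traffic from every local program (ftp or any
# other tool that can fetch a URL) and log the attempts to pflog.
block return out log proto tcp to any port { 80 443 }

# Allow the same traffic when the socket is owned by _pkgfetch,
# the user pkg_add drops to before running /usr/bin/ftp.
pass out proto tcp to any port { 80 443 } user _pkgfetch
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it. User matching applies to TCP and UDP only and uses the effective ID recorded when the socket was created.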