the program plan uses another executable called netplan to act as an IP
network server to manage appointment files. Under the vanilla compilation
and installation, the following happens with netplan:
if run by root or setuid root, netplan switches to "nobody". The UID
and GID of <nobody> are compiled in, not determined at runtime. netplan
will refuse to run setgid-but-not-setuid root.
Also, netplan only reads and writes to
LIB/netplan.dir the directory that netplan puts files into, and the only
directory that netplan will read from (see Network
Security).
where LIB under the vanilla installation would be /usr/local/lib.
Under the mostly complete debian packaging of plan, I have installed
netplan as /usr/lib/plan/netplan and netplan.dir as
/usr/lib/plan/netplan.dir. Christoph Lameter began packaging plan which
has allowed me to use the following postinst as a template (note
/usr/sbin/netplan will be changed to /usr/lib/netplan):
--------------
#!/bin/sh -e
# Check if "netplan" user exists create if not
adduser --system --home /var/lib/netplan netplan || echo "netplan user \
already exists."
if [ ! -d /var/lib/netplan ]; then
install -m 700 -u netplan -d /var/lib/netplan
fi
suidregister -s plan /usr/sbin/netplan netplan root 4754
--------------
I am somewhat new to packaging, so I want to be sure I completely
understand what is going on here:
1) The system user netplan is created if it didn't already exist.
2) The system user netplan's home directory is created as /var/lib/netplan
if it didn't already exist.
3) suidregister registers netplan in /etc/suid.conf and changes the suid
to netplan from nobody
Questions:
1) What is /var/lib/netplan used for? It seems to me that the only
directory that is needed for netplan is /usr/lib/plan/netplan.dir.
2) Do I really need to change the suid of netplan from nobody to netplan?
3) By using suidregister, isn't this creating a dependency on
the suidmanager package?
Some of these questions may be stupid, but that's how I learn:). Any help
is gratefully appreciated. Cheers, Colin.
PS. This package will most likely not be uploaded until approx. June 17th
when I get a chance to get to the console of my debian machine so I can
try it under X.
--
Colin R. Telmer, Institute of Intergovernmental Relations
School of Policy Studies, Queen's University
Kingston, Ontario, Canada, K7L-3N6
(613)545-6000x4219 [EMAIL PROTECTED]
PGP Fingerprint = 09 E9 DA 66 9C EE 33 DC B8 3B 97 0E 01 BC EC 0B
PGP Public Key at <URL:http://terrapin.econ.queensu.ca>
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] .
Trouble? e-mail to [EMAIL PROTECTED] .
