diff options
| author | feld <feld@FreeBSD.org> | 2015-02-06 06:23:00 +0800 |
|---|---|---|
| committer | feld <feld@FreeBSD.org> | 2015-02-06 06:23:00 +0800 |
| commit | 5033183790e6d8f4504d78015488431f9b16b12b (patch) | |
| tree | 9c987fb25f41e649c90ce02e5a6a4b79ce707c02 | |
| parent | b2128bc5ce3d057ba9d8852d2984d764a4fee528 (diff) | |
| download | freebsd-ports-gnome-5033183790e6d8f4504d78015488431f9b16b12b.tar.gz freebsd-ports-gnome-5033183790e6d8f4504d78015488431f9b16b12b.tar.zst freebsd-ports-gnome-5033183790e6d8f4504d78015488431f9b16b12b.zip | |
Xymon-client was not completely dropping privileges at startup.
While xymon-client knows internally what UID it should run as, a
design flaw in the rc script was still launching its master process as
root. As a result the following two processes were always running as
root instead of the xymon user:
/usr/local/www/xymon/client/bin/xymonlaunch ...
sh -c vmstat 300 2 ...
The rest of the processes the xymon-client runs such as df, netstat,
top, custom scripts, etc were correctly executing as non-root.
| -rw-r--r-- | net-mgmt/xymon-client/Makefile | 4 | ||||
| -rw-r--r-- | net-mgmt/xymon-client/files/xymon-client.in | 11 |
2 files changed, 8 insertions, 7 deletions
diff --git a/net-mgmt/xymon-client/Makefile b/net-mgmt/xymon-client/Makefile index 756ab23af64c..7b3eab21cc3a 100644 --- a/net-mgmt/xymon-client/Makefile +++ b/net-mgmt/xymon-client/Makefile @@ -2,7 +2,7 @@ PORTNAME= xymon PORTVERSION= 4.3.18 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= net-mgmt www MASTER_SITES= SF/xymon/Xymon/${PORTVERSION} PKGNAMESUFFIX= -client${PKGNAMESUFFIX2} @@ -16,6 +16,8 @@ LICENSE= GPLv2 USERS= xymon GROUPS= xymon +SUB_LIST+= USERS="${USERS}" + # Options XYMONUSER?= xymon XYMONHOSTIP?= 127.0.0.1 diff --git a/net-mgmt/xymon-client/files/xymon-client.in b/net-mgmt/xymon-client/files/xymon-client.in index a186bd5dface..2b9f4f6cf9b5 100644 --- a/net-mgmt/xymon-client/files/xymon-client.in +++ b/net-mgmt/xymon-client/files/xymon-client.in @@ -14,12 +14,11 @@ rcvar=xymon_client_enable load_rc_config "$name" : ${xymon_client_enable:=NO} +: ${xymon_client_user:=%%USERS%%} -command="%%PREFIX%%/www/xymon/client/runclient.sh" -start_cmd="%%PREFIX%%/www/xymon/client/runclient.sh ${xymon_client_flags} start" -stop_cmd="%%PREFIX%%/www/xymon/client/runclient.sh ${xymon_client_flags} stop" -status_cmd="%%PREFIX%%/www/xymon/client/runclient.sh ${xymon_client_flags} status" -reload_cmd="%%PREFIX%%/www/xymon/client/runclient.sh ${xymon_client_flags} restart" -pidfile="%%PREFIX%%/www/xymon/client/logs/clientlaunch.`hostname`.pid" +command=/usr/local/www/xymon/client/runclient.sh +command_args="${xymon_client_flags} ${1}" +procname=/usr/local/www/xymon/client/bin/xymonlaunch +pidfile="/usr/local/www/xymon/client/logs/clientlaunch.`hostname`.pid" run_rc_command "$1" |