diff options
author | feld <feld@FreeBSD.org> | 2014-06-06 03:30:58 +0800 |
---|---|---|
committer | feld <feld@FreeBSD.org> | 2014-06-06 03:30:58 +0800 |
commit | 3f26df89db4ee6f702df39bc20c5d915099c50c7 (patch) | |
tree | 17593f84279ab65c2fbbd71d094732efbb6ea0e5 | |
parent | 0e01dea11c43d92cb4ed0ff67a5a352e9385b32a (diff) | |
download | freebsd-ports-gnome-3f26df89db4ee6f702df39bc20c5d915099c50c7.tar.gz freebsd-ports-gnome-3f26df89db4ee6f702df39bc20c5d915099c50c7.tar.zst freebsd-ports-gnome-3f26df89db4ee6f702df39bc20c5d915099c50c7.zip |
-Add more options for rc script
-Utilize opendns if no provider configured to preserve documented behavior
-rc script passes rclint
-Fix the _dnscrypt-proxy user's home directory and add UPDATING entry
PR: 190406
Submitted by: AllanJude
-rw-r--r-- | UIDs | 386 | ||||
-rw-r--r-- | UPDATING | 13 | ||||
-rw-r--r-- | dns/dnscrypt-proxy/Makefile | 1 | ||||
-rw-r--r-- | dns/dnscrypt-proxy/files/dnscrypt-proxy.in | 29 |
4 files changed, 126 insertions, 303 deletions
@@ -1,288 +1,98 @@ -# $FreeBSD$ -# Please keep this file sorted by UID! -operator:*:2:5::0:0:System &:/:/usr/sbin/nologin -ftp:*:14:14::0:0:Anonymous FTP:/var/ftp:/nonexistent -smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin -bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin -majordom:*:54:54::0:0:Majordomo Pseudo User:/usr/local/majordomo:/nonexistent -rdfdb:*:55:55::0:0:rdfDB Daemon:/var/db/rdfdb:/bin/sh -spamd:*:58:58::0:0:SpamAssassin user:/var/spool/spamd:/usr/sbin/nologin -unbound:*:59:59::0:0:Unbound DNS Resolver:/nonexistent:/usr/sbin/nologin -cyrus:*:60:60::0:0:the cyrus mail server:/nonexistent:/nonexistent -gnats:*:61:1::0:0:GNATS database owner:/usr/local/share/gnats/gnats-db:/bin/sh -proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/nonexistent -uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico -xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/nonexistent -pop:*:68:6::0:0:Post Office Owner (popper):/nonexistent:/usr/sbin/nologin -wnn:*:69:7::0:0:Wnn:/nonexistent:/nonexistent -pgsql:*:70:70::0:0:PostgreSQL pseudo-user:/usr/local/pgsql:/bin/sh -oracle:*:71:71::0:0:Oracle:/usr/local/oracle7:/usr/sbin/nologin -ircd:*:72:72::0:0:IRC daemon:/nonexistent:/nonexistent -ircservices:*:73:73::0:0:IRC services:/nonexistent:/nonexistent -simscan:*:74:74::0:0:Simscan User:/nonexistent:/usr/sbin/nologin -ifmail:*:75:66::0:0:Ifmail user:/nonexistent:/nonexistent -hybserv:*:76:76::0:0:HybServ Daemon:/nonexistent:/usr/sbin/nologin -auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin -virtuoso:*:79:79::0:0:Virtuoso Universal Server:/usr/local/virtuoso:/bin/sh -www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin -alias:*:81:81::0:0:QMail user:/var/qmail/alias:/nonexistent -qmaild:*:82:81::0:0:QMail user:/var/qmail:/nonexistent -qmaill:*:83:81::0:0:QMail user:/var/qmail:/nonexistent -qmailp:*:84:81::0:0:QMail user:/var/qmail:/nonexistent -qmailq:*:85:82::0:0:QMail user:/var/qmail:/nonexistent -qmailr:*:86:82::0:0:QMail user:/var/qmail:/nonexistent -qmails:*:87:82::0:0:QMail user:/var/qmail:/nonexistent -mysql:*:88:88::0:0:MySQL Daemon:/var/db/mysql:/usr/sbin/nologin -vpopmail:*:89:89::0:0:VPop Mail User:/usr/local/vpopmail:/nonexistent -firebird:*:90:90::0:0:Firebird Database Administrator:/var/db/firebird:/bin/sh -mailman:*:91:91::0:0:Mailman User:/usr/local/mailman:/usr/sbin/nologin -gdm:*:92:92::0:0:GNOME Display Manager:/usr/local/etc/gdm/home:/usr/sbin/nologin -jabber:*:93:93::0:0:Jabber Daemon:/nonexistent:/nonexistent -p4admin:*:94:94::0:0:Perforce admin:/nonexistent:/usr/sbin/nologin -interch:*:95:95::0:0:Interchange user:/usr/local/interchange:/usr/sbin/nologin -squeuer:*:96:96::0:0:SQueuer Owner:/nonexistent:/bin/sh -mud:*:97:97::0:0:MUD Owner:/nonexistent:/bin/sh -msql:*:98:98::0:0:mSQL-2 pseudo-user:/var/db/msqldb:/bin/sh -rscsi:*:99:99::0:0:Remote SCSI:/usr/local/rscsi:/usr/local/sbin/rscsi -squid:*:100:100::0:0:squid caching-proxy pseudo user:/var/squid:/usr/sbin/nologin -quagga:*:101:101::0:0:Quagga route daemon pseudo user:/usr/local/etc/quagga:/usr/sbin/nologin -ganglia:*:102:102::0:0:Ganglia User:/nonexistent:/usr/sbin/nologin -sgeadmin:*:103:103::0:0:Sun Grid Engine Admin:/nonexistent:/usr/sbin/nologin -slimserv:*:104:104::0:0:Slim Devices SlimServer pseudo-user:/nonexistent:/usr/sbin/nologin -dnetc:*:105:105::0:0:distributed.net client and proxy pseudo-user:/nonexistent:/usr/sbin/nologin -clamav:*:106:106::0:0:Clamav Antivirus:/nonexistent:/usr/sbin/nologin -cacti:*:107:107::0:0:Cacti Sandbox:/nonexistent:/usr/sbin/nologin -webkit:*:108:108::0:0:WebKit Default User:/usr/local/www/webkit:/bin/sh -quickml:*:109:109::0:0:quickml Server:/nonexistent:/usr/sbin/nologin -vscan:*:110:110::0:0:Scanning Virus Account:/var/maiad:/bin/sh -fido:*:111:111::0:0:Fido System:/usr/local/fido:/bin/sh -dcc:*:112:112::0:0:Distributed Checksum Clearinghouse:/nonexistent:/usr/sbin/nologin -amavis:*:113:113::0:0:Amavis-stats Account:/nonexistent:/usr/sbin/nologin -dhis:*:114:114::0:0:DHIS Daemon:/nonexistent:/usr/sbin/nologin -_symon:*:115:115::0:0:Symon Account:/var/empty:/usr/sbin/nologin -hplip:*:116:116::0:0:HPLIP Server:/nonexistent:/usr/sbin/nologin -smokeping:*:117:117::0:0:SmokePing Daemon:/nonexistent:/usr/sbin/nologin -ircproxyd:*:118:118::0:0:Night Light IRC Proxy:/nonexistent:/usr/sbin/nologin -mythtv:*:119:119::0:0:MythTV pseudo-user:/nonexistent:/bin/sh -pdns_recursor:*:120:120::0:0:pdns_recursor pseudo-user:/nonexistent:/usr/sbin/nologin -otrs:*:121:121::0:0:OTRS Administrator:/usr/local/otrs:/bin/csh -zabbix:*:122:122::0:0:Zabbix NMS:/nonexistent:/bin/sh -_ntp:*:123:123::0:0:NTP Daemon:/var/empty:/usr/sbin/nologin -fetchmail:*:124:124::0:0:Fetchmail mail-retrieval daemon:/nonexistent:/usr/sbin/nologin -postfix:*:125:125::0:0:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin -navcron:*:127:127::0:0:Network Administration Visualized:/usr/local/nav:/usr/sbin/nologin -vchat:*:128:128::0:0:VChat Conferencing System:/nonexistent:/usr/sbin/nologin -_bgpd:*:130:130::0:0:BGP Daemon:/var/empty:/usr/sbin/nologin -_ospfd:*:131:131::0:0:OSPF Daemon:/var/empty:/usr/sbin/nologin -_spamd:*:132:132::0:0:Spam Daemon:/var/empty:/usr/sbin/nologin -freeradius:*:133:133::0:0:FreeRADIUS Daemon:/nonexistent:/usr/sbin/nologin -undernet:*:134:134::0:0:Undernet ircu Daemon:/nonexistent:/usr/sbin/nologin -rabbitmq:*:135:135::0:0:RabbitMQ:/var/db/rabbitmq:/usr/sbin/nologin -dhcpd:*:136:136::0:0:ISC DHCP daemon:/nonexistent:/usr/sbin/nologin -mpd:*:137:137::0:0:MusicPD pseudo-user:/var/mpd:/usr/sbin/nologin -wolfpack:*:138:138::0:0:Wolfpack Empire Server:/usr/local/share/wolfpack:/usr/sbin/nologin -shellinabox:*:139:139::0:0:Shell In A Box:/nonexistent:/usr/sbin/nologin -amanda:*:140:140::0:0:Amanda Daemon:/var/db/amanda:/usr/sbin/nologin -cricket:*:141:80::0:0:Cricket Monitoring User:/usr/local/cricket:/usr/sbin/nologin -ladvd:*:142:142::0:0:Ladvd User:/var/empty:/usr/sbin/nologin -dovecot:*:143:143::0:0:Dovecot User:/var/empty:/usr/sbin/nologin -dovenull:*:144:144::0:0:Dovecot login User:/var/empty:/usr/sbin/nologin -webcamd:*:145:145::0:0:Webcamd user:/var/empty:/usr/sbin/nologin -ventrilo:*:146:146::0:0:& server:/usr/local/ventrilo-server:/usr/sbin/nologin -kdm:*:147:147::0:0:KDE Display Manager:/nonexistent:/usr/sbin/nologin -ipv6mon:*:148:148::0:0:IPv6 Address Monitoring Daemon:/nonexistent:/usr/sbin/nologin -avenger:*:149:149::0:0:Mail Avenger:/var/spool/avenger:/usr/sbin/nologin -cbsd:*:150:150::0:0:Cbsd user:/nonexistent:/bin/sh -rbldns:*:153:153::0:0:rbldnsd pseudo-user:/nonexistent:/usr/sbin/nologin -trircd:*:154:154::0:0:& user:/usr/local/etc/tr-ircd:/usr/sbin/nologin -sfs:*:171:171::0:0:Self-Certifying File System:/nonexistent:/usr/sbin/nologin -agk:*:172:172::0:0:AquaGateKeeper:/nonexistent:/nonexistent -polipo:*:173:173::0:0:polipo web cache:/nonexistent:/usr/sbin/nologin -flowtools:*:174:174::0:0:Flow-tools collector pseudo-user:/nonexistent:/usr/sbin/nologin -twms:*:175:175::0:0:tWMS pseudo-user:/nonexistent:/usr/sbin/nologin -gdnsd:*:179:179::0:0:gDNSd pseudo-user:/nonexistent:/usr/sbin/nologin -nagios:*:181:181::0:0:Nagios pseudo-user:/var/spool/nagios:/usr/sbin/nologin -noc:*:182:182::0:0:NOC pseudo-user:/usr/local/noc:/bin/sh -icinga:*:183:183::0:0:Icinga pseudo-user:/var/spool/icinga:/usr/sbin/nologin -dnscache:*:184:184::0:0:dnscache pseudo-user:/nonexistent:/usr/sbin/nologin -tinydns:*:185:185::0:0:tinydns pseudo-user:/nonexistent:/usr/sbin/nologin -dnslog:*:186:186::0:0:dnslog pseudo-user:/nonexistent:/usr/sbin/nologin -swift:*:187:187::0:0:Swift daemon pseudo-user:/nonexistent:/usr/sbin/nologin -netxms:*:188:188::0:0:netxms pseudo-user:/nonexistent:/usr/sbin/nologin -moinmoin:*:192:192::0:0:MoinMoin User:/nonexistent:/usr/sbin/nologin -cups:*:193:193::0:0:Cups Owner:/nonexistent:/usr/sbin/nologin -saned:*:194:194::0:0:SANE Scanner Daemon:/nonexistent:/bin/sh -radns:*:195:195::0:0:radns user:/nonexistent:/usr/sbin/nologin -mcserver:*:199:199::0:0:Minecraft Server:/nonexistent:/bin/sh -sympa:*:200:200::0:0:Sympa Owner:/nonexistent:/usr/sbin/nologin -privoxy:*:201:201::0:0:Privoxy proxy user:/nonexistent:/usr/sbin/nologin -dspam:*:202:202::0:0:Dspam:/nonexistent:/usr/sbin/nologin -yate:*:204:204::0:0:Yate:/nonexistent:/usr/sbin/nologin -gnugk:*:205:205::0:0:GNU GateKeeper pseudo-user:/nonexistent:/usr/sbin/nologin -gini:*:206:206::0:0:& streaming server:/var/log/gini:/usr/sbin/nologin -_mixminion:*:207:207::0:0:Mixminion server:/nonexistent:/usr/sbin/nologin -shoutcast:*:210:210::0:0:Shoutcast sandbox:/nonexistent:/bin/sh -git:*:211:211::0:0:gitosis user:/usr/local/git:/bin/sh -hg:*:212:212::0:0:mercurial-server user:/usr/local/hg:/bin/sh -drizzle:*:213:213::0:0:Drizzle daemon:/var/db/drizzle:/usr/sbin/nologin -opendnssec:*:215:215::0:0:Opendnssec Pseudo User:/nonexistent:/usr/sbin/nologin -bs:*:220:220::0:0:Big Sister:/usr/local/bigsister:/bin/sh -rtpproxy:*:222:222::0:0:& user:/nonexistent:/sbin/nologin -postgrey:*:225:225::0:0:Postgrey Owner:/nonexistent:/usr/sbin/nologin -sqlgrey:*:226:226::0:0:SQLgrey Owner:/nonexistent:/usr/sbin/nologin -aprsd:*:240:240::0:0:aprsd:/nonexistent:/bin/sh -tnc:*:241:241::0:0:aprsd:/nonexistent:/bin/sh -prosody:*:242:242::0:0:Prosody Jabber Server:/nonexistent:/usr/sbin/nologin -fcron:*:247:247::0:0:fcron pseudo-user:/nonexistent:/usr/sbin/nologin -_adsuck:*:253:253::0:0:Adsuck ad blocking user:/nonexistent:/usr/sbin/nologin -_tor:*:256:256::0:0:Tor anonymizing router:/var/db/tor:/usr/sbin/nologin -_smtpd:*:257:257::0:0:OpenSMTPD:/var/empty:/usr/sbin/nologin -_smtpq:*:258:257::0:0:OpenSMTPD queue user:/var/empty:/usr/sbin/nologin -meta1s:*:260:260::0:0:MeTA1 SMTPS:/nonexistent:/usr/sbin/nologin -meta1q:*:261:261::0:0:MeTA1 QMGR:/nonexistent:/usr/sbin/nologin -meta1c:*:262:262::0:0:MeTA1 SMTPC:/nonexistent:/usr/sbin/nologin -meta1m:*:263:263::0:0:MeTA1 misc:/nonexistent:/usr/sbin/nologin -meta1:*:264:264::0:0:MeTA1 other:/nonexistent:/usr/sbin/nologin -hacluster:*:275:275::0:0:Heartbeat cluster user:/nonexistent:/usr/sbin/nologin -frontbase:*:276:276::0:0:FrontBase Daemon:/usr/local/FrontBase/Databases:/bin/sh -mrtg:*:279:279::0:0:MRTG daemon:/nonexistent:/usr/sbin/nologin -xymon:*:280:280::0:0:Xymon Monitor:/nonexistent:/usr/sbin/nologin -prelude:*:281:281::0:0:Prelude user:/nonexistent:/usr/sbin/nologin -spread:*:282:282::0:0:Spread user:/nonexistent:/usr/sbin/nologin -devmon:*:283:283::0:0:devmon monitor:/nonexistent:/usr/sbin/nologin -vnstat:*:284:284::0:0:vnStat Network Monitor:/nonexistent:/usr/sbin/nologin -exaddos:*:285:285::0:0:exaddos daemon user:/nonexistent:/usr/sbin/nologin -backuppc:*:300:300::0:0:BackupPC pseudo-user:/nonexistent:/usr/sbin/nologin -_sphinx:*:312:312::0:0:Sphinxsearch Owner:/nonexistent:/usr/sbin/nologin -dkfilter:*:325:325::0:0:DK Filter Owner:/nonexistent:/usr/sbin/nologin -_pma:*:336:80::0:0:phpMyAdmin Owner:/nonexistent:/usr/sbin/nologin -daapd:*:337:337::0:0:daapd User:/nonexistent:/usr/sbin/nologin -murmur:*:338:338::0:0:& User:/nonexistent:/usr/sbin/nologin -wildfire:*:340:340::0:0:Wildfire Daemon:/nonexistent:/usr/sbin/nologin -stunnel:*:341:341::0:0:Stunnel Daemon:/nonexistent:/usr/sbin/nologin -openfire:*:342:342::0:0:Openfire IM Daemon:/nonexistent:/usr/sbin/nologin -_sabnzbd:*:350:350::0:0:sabnzb Daemon:/nonexistent:/usr/sbin/nologin -_iodined:*:353:353::0:0:Iodine Daemon:/nonexistent:/usr/sbin/nologin -httptunnel:*:361:361::0:0:httptunnel Daemon:/nonexistent:/usr/sbin/nologin -ldap:*:389:389::0:0:OpenLDAP Server:/nonexistent:/usr/sbin/nologin -tiarra:*:398:398::0:0:Tiarra IRC Proxy:/nonexistent:/usr/sbin/nologin -uhub:*:411:411::0:0:uHub ADC Daemon:/nonexistent:/usr/sbin/nologin -drweb:*:426:426::0:0:Dr.Web Mail Scanner:/nonexistent:/usr/sbin/nologin -quasselcore:*:442:442::0:0:Quassel IRC User:/nonexistent:/usr/sbin/nologin -callweaver:*:444:444::0:0:Callweaver account:/var/lib/callweaver:/usr/sbin/nologin -courier:*:465:465::0:0:Courier Mail Server:/nonexistent:/usr/sbin/nologin -condor:*:466:466::0:0:& user:/home/condor:/usr/sbin/nologin -netmon:*:467:467::0:0:Network monitor account:/var/netmon:/usr/sbin/nologin -slurm:*:468:468::0:0:SLURM Daemon:/home/slurm:/usr/sbin/nologin -_bbstored:*:505:505::0:0:Box Backup Store Daemon:/nonexistent:/usr/sbin/nologin -radmind:*:506:506::0:0:radmind User:/var/radmind:/usr/sbin/nologin -skkserv:*:507:507::0:0:skkserv User:/nonexistent:/usr/sbin/nologin -pwhois:*:512:512::0:0:pwhoisd User:/nonexistent:/usr/sbin/nologin -nullmail:*:522:522::0:0:Nullmailer Mail System:/var/spool/nullmailer:/bin/sh -freevo:*:523:523::0:0:Freevo User:/var/db/freevo:/bin/sh -dkimproxy:*:525:525::0:0:DKIM Proxy Owner:/nonexistent:/usr/sbin/nologin -pgbouncer:*:534:534::0:0:Pgbouncer Daemon:/nonexistent:/usr/sbin/nologin -redis:*:535:535::0:0:Redis Daemon:/nonexistent:/usr/sbin/nologin -_flowd:*:542:542::0:0:flowd privilege separation user:/var/empty:/usr/sbin/nologin -ejabberd:*:543:543::0:0:ejabberd pseudo user:/var/spool/ejabberd:/bin/sh -knot:*:553:553::0:0:Knot DNS Server:/nonexistent:/usr/sbin/nologin -qtss:*:554:554::0:0:Darwin Streaming Server:/nonexistent:/usr/sbin/nologin -ircdru:*:555:555::0:0:Russian hybrid IRC server:/nonexistent:/bin/sh -messagebus:*:556:556::0:0:D-BUS Daemon User:/nonexistent:/usr/sbin/nologin -avahi:*:558:558::0:0:Avahi Daemon User:/nonexistent:/usr/sbin/nologin -tacacs:*:559:559::0:0:TACACS+ Daemon User:/nonexistent:/usr/sbin/nologin -haldaemon:*:560:560::0:0:HAL Daemon User:/nonexistent:/usr/sbin/nologin -distcc:*:561:561::0:0:Distcc user:/nonexistent:/usr/sbin/nologin -polkit:*:562:562::0:0:PolicyKit User:/nonexistent:/usr/sbin/nologin -pulse:*:563:563::0:0:PulseAudio System User:/nonexistent:/usr/sbin/nologin -assp:*:587:587::0:0:ASSP Anti-Spam Proxy:/var/db/assp:/usr/sbin/nologin -avahi-autoipd:*:588:588::0:0:Avahi Autoipd Daemon user:/nonexistent:/usr/sbin/nologin -_xsi:*:600:600::0:0:XMLSysInfo User:/nonexistent:/usr/sbin/nologin -_tss:*:601:601:daemon:0:0:TrouSerS user:/var/empty:/usr/sbin/nologin -_pkcs11:*:602:602:daemon:0:0:opencryptoki user:/var/empty:/usr/sbin/nologin -freeswitch:*:610:610::0:0:Freeswitch user:/nonexistent:/usr/sbin/nologin -_pla:*:636:80::0:0:phpLDAPAdmin Owner:/nonexistent:/usr/sbin/nologin -monkeysphere:*:641:641::0:0:Monkeysphere User:/var/monkeysphere:/usr/local/bin/bash -aox:*:666:666::0:0:Archiveopteryx user:/nonexistent:/usr/sbin/nologin -riak:*:667:667::0:0:Riak user:/usr/local/lib/riak:/bin/sh -bnetd:*:700:700::0:0:Bnetd user:/nonexistent:/usr/sbin/nologin -bopm:*:717:717::0:0:Blitzed Open Proxy Monitor:/nonexistent:/bin/sh -openxpki:*:777:777::0:0:OpenXPKI Owner:/nonexistent:/usr/sbin/nologin -zetacoin:*:780:780::0:0:ZetaCoin Daemon:/nonexistent:/usr/sbin/nologin -foreman_proxy:*:812:812::0:0:Foreman Smart Proxy:/usr/local/share/foreman-proxy:/usr/sbin/nologin -puppet:*:814:814::0:0:Puppet Daemon:/nonexistent:/usr/sbin/nologin -jenkins:*:818:818::0:0:Jenkins CI:/usr/local/jenkins:/bin/sh -openacs:*:820:820::0:0:OpenACS Daemon User:/nonexistent:/usr/sbin/nologin -dotlrn:*:821:821::0:0:.LRN Daemon User:/nonexistent:/usr/sbin/nologin -polw:*:825:825::0:0:Policyd-weight Cache Owner:/nonexistent:/sbin/nologin -statsd:*:826:826::0:0:Statsd Daemon:/nonexistent:/sbin/nologin -netdisco:*:840:840::0:0:netdisco daemon:/nonexistent:/usr/sbin/nologin -munin:*:842:842::0:0:Munin:/var/munin:/usr/sbin/nologin -fossy:*:901:901::0:0:FOSSology user:/usr/local/share/fossology:/usr/local/bin/bash -bacula:*:910:910::0:0:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin -iserv:*:911:911::0:0:Iserv Daemon:/nonexistent:/usr/sbin/nologin -_sj3:*:912:912::0:0:SJ3 Daemon:/nonexistent:/usr/sbin/nologin -_relayd:*:913:913::0:0:Relay Daemon:/var/empty:/usr/sbin/nologin -bitlbee:*:914:914::0:0:Bitlbee pseudo-user:/var/db/bitlbee:/usr/sbin/nologin -logcheck:*:915:915::0:0:Logcheck system account:/var/lib/logcheck:/usr/local/bin/bash -_prayer:*:917:917::0:0:Prayer Account:/nonexistent:/usr/sbin/nologin -nefu:*:918:918::0:0:Nefu daemon:/var/db/nefu:/usr/sbin/nologin -couchdb:*:919:919::0:0:CouchDB Account:/var/empty:/usr/sbin/nologin -vboxusers:*:920:920::0:0:Virtualbox user:/nonexistent:/usr/sbin/nologin -transmission:*:921:921::0:0:Transmission Daemon User:/usr/local/etc/transmission/home:/usr/sbin/nologin -mongodb:*:922:922::0:0:MongoDB pseudo-user:/var/db/mongodb:/usr/sbin/nologin -liquidsoap:*:923:923::0:0:Liquidsoap User:/nonexistent:/usr/sbin/nologin -postpals:*:924:924::0:0:postpals user:/nonexistent:/usr/sbin/nologin -mfs:*:925:925::0:0:MooseFS User:/nonexistent:/usr/sbin/nologin -minbif:*:926:926::0:0:Minbif Daemon User:/nonexistent:/usr/sbin/nologin -kumofs:*:927:927::0:0:kumofs daemon:/nonexistent:/usr/sbin/nologin -nslcd:*:928:928::0:0:nslcd daemon:/nonexistent:/usr/sbin/nologin -activemq:*:929:929::0:0:ActiveMQ Daemon:/nonexistent:/usr/sbin/nologin -ifgraph:*:930:930::0:0:ifGraph:/nonexistent:/usr/sbin/nologin -asterisk:*:931:931::0:0:Asterisk User:/nonexistent:/usr/sbin/nologin -sancp:*:932:932::0:0:SANCP Daemon:/var/log/sancp:/usr/sbin/nologin -dlna:*:933:933::0:0:DLNA Daemon:/nonexistent:/usr/sbin/nologin -torrus:*:934:934::0:0:torrus daemon:/nonexistent:/usr/sbin/nologin -erlyvideo:*:935:935::0:0:erlyvideo user:/nonexistent:/usr/sbin/nologin -crtmpserver:*:936:936::0:0:crtmpserver user:/nonexistent:/usr/sbin/nologin -get_iplayer:*:937:937::0:0:get_iplayer user:/nonexistent:/usr/sbin/nologin -vdr:*:938:938::0:0:vdr user:/nonexistent:/usr/sbin/nologin -noip:*:939:939::0:0:noip user:/nonexistent:/usr/sbin/nologin -_tcpproxy:*:940:940::0:0:tcpproxy user:/nonexistent:/usr/sbin/nologin -cego:*:941:941::0:0:cego user:/usr/local/cego:/usr/sbin/nologin -teamspeak:*:942:942::0:0:TeamSpeak user:/nonexistent:/usr/sbin/nologin -dnetfold:*:943:943::0:0:& user:/nonexistent:/usr/sbin/nologin -bbs:*:944:944::0:0:& user:/nonexistent:/usr/sbin/nologin -dbxml:*:945:945::0:0:& user:/nonexistent:/usr/sbin/nologin -sybase:*:946:946::0:0:& user:/usr/local/sybase-ase:/usr/sbin/nologin -dnrd:*:948:948::0:0:& user:/nonexistent:/usr/sbin/nologin -zenoss:*:949:949::0:0:& user:/usr/local/zenoss:/bin/sh -openerpd:*:951:951::0:0:Openerpd user:/nonexistent:/usr/sbin/nologin -bitten-slave:*:952:952:daemon:0:0:Bitten slave user:/var/lib/bitten-slave:/usr/sbin/nologin -_neubot:*:953:953::0:0:neubot daemon:/nonexistent:/usr/sbin/nologin -oops:*:954:65534::0:0:oops user:/nonexistent:/usr/sbin/nologin -hadoop:*:955:955::0:0:hadoop user:/nonexistent:/usr/sbin/nologin -pandora:*:956:956::0:0:Pandora FMS user:/usr/local/etc/pandora/home:/usr/sbin/nologin -razorback:*:957:957::0:0:Razorback user:/var/run/razorback:/usr/sbin/nologin -gnunet:*:958:958::0:0:GNUnet daemon:/var/lib/gnunet:/usr/sbin/nologin -c_icap:*:959:959::0:0:c-icap daemon:/var/empty:/usr/sbin/nologin -trytond:*:960:960::0:0:trytond daemon:/var/empty:/usr/sbin/nologin -gearmand:*:961:961::0:0:gearmand daemon:/var/empty:/usr/sbin/nologin -zookeeper:*:962:962::0:0:zookeeper user:/nonexistent:/usr/sbin/nologin -fluentd:*:963:963::0:0:fluentd user:/nonexistent:/usr/sbin/nologin -git_daemon:*:964:964::0:0:git daemon:/nonexistent:/usr/sbin/nologin -elasticsearch:*:965:965::0:0:elasticsearch user:/nonexistent:/usr/sbin/nologin -ossec:*:966:966::0:0:OSSEC user:/usr/local/ossec-hids:/usr/sbin/nologin -ossecm:*:967:966::0:0:OSSEC mail user:/usr/local/ossec-hids:/usr/sbin/nologin -ossecr:*:968:966::0:0:OSSEC rem user:/usr/local/ossec-hids:/usr/sbin/nologin -kippo:*:969:969::0:0:kippo user:/nonexistent:/usr/sbin/nologin -colord:*:970:970::0:0:colord color management daemon:/nonexistent:/usr/sbin/nologin -shibd:*:971:971::0:0:Shibboleth SAML daemon:/nonexistent:/usr/sbin/nologin -plex:*:972:972::0:0:Plex Media Server:/nonexistent:/usr/sbin/nologin -boinc:*:973:973::0:0:BOINC user:/var/db/boinc:/bin/sh -radicale:*:974:974::0:0:Radicale daemon:/nonexistent:/usr/sbin/nologin -unifi:*:975:975::0:0:Unifi Wireless Controller:/nonexistent:/usr/sbin/nologin -minetest:*:976:976::0:0:& server:/nonexistent:/usr/sbin/nologin -tests:*:977:65534::0:0:Unprivileged user for tests:/nonexistent:/usr/sbin/nologin -_dnscrypt-proxy:*:978:65534::0:0:dnscrypt-proxy user:/nonexistent:/usr/sbin/nologin -nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin +Index: UPDATING +=================================================================== +--- UPDATING (revision 356685) ++++ UPDATING (working copy) +@@ -5,6 +5,19 @@ + You should get into the habit of checking this file for changes each time + you update your ports collection, before attempting any port upgrades. + ++20140604 ++ AFFECTS: users of dns/dnscrypt-proxy ++ AUTHOR: feld@FreeBSD.org ++ ++ The 1.4.0 update to dns/dnscrypt-proxy introduced a privilege ++ separation capability utilizing the new _dnscrypt-proxy user. ++ The home directory for this user was misconfigured as /nonexistent. ++ The dnscrypt-proxy server will try to chroot to _dnscrypt-proxy's home ++ directory and fail to start. If you are affected you will need to ++ change _dnscrypt-proxy's home directory to /var/empty: ++ ++ # pw usermod _dnscrypt-proxy -d /var/empty ++ + 20140603 + AFFECTS: users of net-p2p/zetacoin + AUTHOR: daniel@morante.net +Index: dns/dnscrypt-proxy/Makefile +=================================================================== +--- dns/dnscrypt-proxy/Makefile (revision 356684) ++++ dns/dnscrypt-proxy/Makefile (working copy) +@@ -3,6 +3,7 @@ + + PORTNAME= dnscrypt-proxy + PORTVERSION= 1.4.0 ++PORTREVISION= 1 + CATEGORIES= dns + MASTER_SITES= http://download.dnscrypt.org/dnscrypt-proxy/ \ + http://www.dns-lab.com/downloads/dnscrypt-proxy/ +Index: dns/dnscrypt-proxy/files/dnscrypt-proxy.in +=================================================================== +--- dns/dnscrypt-proxy/files/dnscrypt-proxy.in (revision 356684) ++++ dns/dnscrypt-proxy/files/dnscrypt-proxy.in (working copy) +@@ -2,7 +2,7 @@ + # + # $FreeBSD$ + # +-# PROVIDE: dnscrypt-proxy ++# PROVIDE: dnscrypt_proxy + # REQUIRE: SERVERS cleanvar + # BEFORE: named + # KEYWORD: shutdown +@@ -9,8 +9,16 @@ + # + # Add the following lines to /etc/rc.conf to enable dnscrypt-proxy: + # +-# dnscrypt_proxy_enable="YES": Set to NO by default. +-# Set it to YES to enable dnscrypt-proxy. ++# dnscrypt_proxy_enable (bool): Set to NO by default. ++# Set to YES to enable dnscrypt-proxy. ++# dnscrypt_proxy_uid (str): Set to "_dnscrypt-proxy" by default. ++# User to switch to after starting. ++# dnscrypt_proxy_resolver (str):Set to "opendns" by default. ++# Choose a different upstream resolver. ++# dnscrypt_proxy_pidfile (str): default: "/var/run/dnscrypt-proxy.pid" ++# Location of pid file. ++# dnscrypt_proxy_logfile (str): default: "/var/log/dnscrypt-proxy.log" ++# Location of log file. + # + # To redirect a local resolver through dnscrypt-proxy, point it at 127.0.0.2 + # and add the following to rc.conf: +@@ -22,26 +30,17 @@ + name=dnscrypt_proxy + rcvar=dnscrypt_proxy_enable + +-stop_cmd=dnscrypt_proxy_stop +- + load_rc_config ${name} + + : ${dnscrypt_proxy_enable:=NO} + : ${dnscrypt_proxy_uid=_dnscrypt-proxy} # User to run daemon as ++: ${dnscrypt_proxy_resolver=opendns} # resolver to use + : ${dnscrypt_proxy_pidfile=/var/run/dnscrypt-proxy.pid} # Path to pid file + : ${dnscrypt_proxy_logfile=/var/log/dnscrypt-proxy.log} # Path to log file + +-if [ -n "$dnscrypt_proxy_uid" ]; then +- dnscrypt_proxy_flags="${dnscrypt_proxy_flags} -u ${dnscrypt_proxy_uid}" +-fi +- + command=%%PREFIX%%/sbin/dnscrypt-proxy ++command_args="-d -p ${dnscrypt_proxy_pidfile} -l ${dnscrypt_proxy_logfile} -u ${dnscrypt_proxy_uid} -R ${dnscrypt_proxy_resolver}" + procname=%%PREFIX%%/sbin/dnscrypt-proxy ++pidfile=${dnscrypt_proxy_pidfile} + +-command_args="-d -p ${dnscrypt_proxy_pidfile} -l ${dnscrypt_proxy_logfile}" +- +-dnscrypt_proxy_stop() { +- kill -KILL `cat ${pidfile}` 2> /dev/null && echo "Killed ${name}." +- } +- + run_rc_command "$1" @@ -5,6 +5,19 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20140604 + AFFECTS: users of dns/dnscrypt-proxy + AUTHOR: feld@FreeBSD.org + + The 1.4.0 update to dns/dnscrypt-proxy introduced a privilege + separation capability utilizing the new _dnscrypt-proxy user. + The home directory for this user was misconfigured as /nonexistent. + The dnscrypt-proxy server will try to chroot to _dnscrypt-proxy's home + directory and fail to start. If you are affected you will need to + change _dnscrypt-proxy's home directory to /var/empty: + + # pw usermod _dnscrypt-proxy -d /var/empty + 20140603 AFFECTS: users of net-p2p/zetacoin AUTHOR: daniel@morante.net diff --git a/dns/dnscrypt-proxy/Makefile b/dns/dnscrypt-proxy/Makefile index 41eed493f01d..f51b53c4e276 100644 --- a/dns/dnscrypt-proxy/Makefile +++ b/dns/dnscrypt-proxy/Makefile @@ -3,6 +3,7 @@ PORTNAME= dnscrypt-proxy PORTVERSION= 1.4.0 +PORTREVISION= 1 CATEGORIES= dns MASTER_SITES= http://download.dnscrypt.org/dnscrypt-proxy/ \ http://www.dns-lab.com/downloads/dnscrypt-proxy/ diff --git a/dns/dnscrypt-proxy/files/dnscrypt-proxy.in b/dns/dnscrypt-proxy/files/dnscrypt-proxy.in index 33ef4ae31016..eeafcefaf36a 100644 --- a/dns/dnscrypt-proxy/files/dnscrypt-proxy.in +++ b/dns/dnscrypt-proxy/files/dnscrypt-proxy.in @@ -2,15 +2,23 @@ # # $FreeBSD$ # -# PROVIDE: dnscrypt-proxy +# PROVIDE: dnscrypt_proxy # REQUIRE: SERVERS cleanvar # BEFORE: named # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf to enable dnscrypt-proxy: # -# dnscrypt_proxy_enable="YES": Set to NO by default. -# Set it to YES to enable dnscrypt-proxy. +# dnscrypt_proxy_enable (bool): Set to NO by default. +# Set to YES to enable dnscrypt-proxy. +# dnscrypt_proxy_uid (str): Set to "_dnscrypt-proxy" by default. +# User to switch to after starting. +# dnscrypt_proxy_resolver (str):Set to "opendns" by default. +# Choose a different upstream resolver. +# dnscrypt_proxy_pidfile (str): default: "/var/run/dnscrypt-proxy.pid" +# Location of pid file. +# dnscrypt_proxy_logfile (str): default: "/var/log/dnscrypt-proxy.log" +# Location of log file. # # To redirect a local resolver through dnscrypt-proxy, point it at 127.0.0.2 # and add the following to rc.conf: @@ -22,26 +30,17 @@ name=dnscrypt_proxy rcvar=dnscrypt_proxy_enable -stop_cmd=dnscrypt_proxy_stop - load_rc_config ${name} : ${dnscrypt_proxy_enable:=NO} : ${dnscrypt_proxy_uid=_dnscrypt-proxy} # User to run daemon as +: ${dnscrypt_proxy_resolver=opendns} # resolver to use : ${dnscrypt_proxy_pidfile=/var/run/dnscrypt-proxy.pid} # Path to pid file : ${dnscrypt_proxy_logfile=/var/log/dnscrypt-proxy.log} # Path to log file -if [ -n "$dnscrypt_proxy_uid" ]; then - dnscrypt_proxy_flags="${dnscrypt_proxy_flags} -u ${dnscrypt_proxy_uid}" -fi - command=%%PREFIX%%/sbin/dnscrypt-proxy +command_args="-d -p ${dnscrypt_proxy_pidfile} -l ${dnscrypt_proxy_logfile} -u ${dnscrypt_proxy_uid} -R ${dnscrypt_proxy_resolver}" procname=%%PREFIX%%/sbin/dnscrypt-proxy - -command_args="-d -p ${dnscrypt_proxy_pidfile} -l ${dnscrypt_proxy_logfile}" - -dnscrypt_proxy_stop() { - kill -KILL `cat ${pidfile}` 2> /dev/null && echo "Killed ${name}." - } +pidfile=${dnscrypt_proxy_pidfile} run_rc_command "$1" |