Create a "dnetc" user and group that owns relevant dnetc

directories, files, and runs the client.

This removes all reliance on the "nobody" account so that the account
doesn't own any files or run any processes.

3 files changed, 47 insertions, 9 deletions

diff --git a/misc/dnetc/Makefile b/misc/dnetc/Makefile
index 7e917773889a..47f8d501fad7 100644
--- a/misc/dnetc/Makefile
+++ b/misc/dnetc/Makefile
@@ -40,8 +40,10 @@ NO_BUILD=	yes
 BINDIR=		${PREFIX}/distributed.net
 LIBDIR=		${PREFIX}/etc/rc.d
 
-CLIENTUID=	nobody
-CLIENTGID=	daemon
+CLIENTUSER=	dnetc
+CLIENTUID=	26
+CLIENTGROUP=	${CLIENTUSER}
+CLIENTGID=	${CLIENTUID}
 
 SBINMODE=	700
 BINMODE=	700
@@ -49,23 +51,27 @@ BINMODE=	700
 MAN1=		dnetc.1
 
 do-configure:
-	if [ ! -f ${PREFIX}/dnetc.ini ]; then \
+	@if [ ! -f ${PREFIX}/dnetc.ini ]; then \
 		${INSTALL} -c -m 644 ${FILESDIR}/dnetc.ini ${WRKSRC}; \
 	fi
 
+pre-install:
+	@${ECHO} "==>  Creating custom user to run dnetc..."
+	${PKGINSTALL} ${PKGNAME} PRE-INSTALL "${CLIENTUSER}" "${CLIENTUID}" "${CLIENTGROUP}" "${CLIENTGID}"
+
 do-install:
-	if [ ! -d ${BINDIR} ]; then \
+	@if [ ! -d ${BINDIR} ]; then \
 		${MKDIR} ${BINDIR}; \
 	fi
 
-	${INSTALL} -c -m ${SBINMODE} -o ${CLIENTUID} -g ${CLIENTGID} ${WRKSRC}/dnetc ${BINDIR}
+	${INSTALL} -c -m ${SBINMODE} -o ${CLIENTUSER} -g ${CLIENTGROUP} ${WRKSRC}/dnetc ${BINDIR}
 
 	${SED} s#CHANGETHIS#${BINDIR}# < ${FILESDIR}/dnetc.sh > ${WRKSRC}/dnetc.sh.pathnames
 	${INSTALL} -c -m ${SBINMODE} ${WRKSRC}/dnetc.sh.pathnames ${LIBDIR}/dnetc.sh
 
 	${INSTALL_DATA} ${FILESDIR}/INFO ${BINDIR}
 
-	${CHOWN} ${CLIENTUID}:${CLIENTGID} ${BINDIR}
+	${CHOWN} ${CLIENTUSER}:${CLIENTGROUP} ${BINDIR}
 	${CHMOD} 775 ${BINDIR}
 
 	if [ ! -f ${BINDIR}/dnetc.sh ]; then \
@@ -73,7 +79,7 @@ do-install:
 	fi
 
 	${INSTALL_MAN} ${WRKSRC}/${MAN1} ${PREFIX}/man/man1
-	${INSTALL} -c -m 644 -o ${CLIENTUID} -g ${CLIENTGID} ${WRKDIR}/dnetc.ini ${BINDIR}/dnetc.ini.default
+	${INSTALL} -c -m 644 -o ${CLIENTUSER} -g ${CLIENTGROUP} ${WRKDIR}/dnetc.ini ${BINDIR}/dnetc.ini.default
 .if !exists(${BINDIR}/dnetc.ini)
 	@echo ""
 	@echo ""
@@ -89,7 +95,7 @@ do-install:
 	@echo ""
 	@echo ""
 	@echo ""
-	${INSTALL} -c -m 644 -o ${CLIENTUID} -g ${CLIENTGID} ${WRKDIR}/dnetc.ini ${BINDIR}
+	${INSTALL} -c -m 644 -o ${CLIENTUSER} -g ${CLIENTGROUP} ${WRKDIR}/dnetc.ini ${BINDIR}
 .endif
 
 .include <bsd.port.post.mk>
diff --git a/misc/dnetc/files/dnetc.sh b/misc/dnetc/files/dnetc.sh
index cccb86d62263..919e6f4c71c9 100644
--- a/misc/dnetc/files/dnetc.sh
+++ b/misc/dnetc/files/dnetc.sh
@@ -26,7 +26,7 @@ start)
 	fi
 
 	echo -n " dnetc"
-	su -m nobody -c "$dir/dnetc -quiet" 2>/dev/null >/dev/null &
+	su -m dnetc -c "$dir/dnetc -quiet" 2>/dev/null >/dev/null &
 	;;
 stop)
 	killall dnetc && echo -n " dnetc"
diff --git a/misc/dnetc/pkg-install b/misc/dnetc/pkg-install
new file mode 100644
index 000000000000..d837ae3a40c4
--- /dev/null
+++ b/misc/dnetc/pkg-install
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+if [ "$2" != "PRE-INSTALL" ]; then
+    exit 0
+fi
+
+CLIENTUSER=$3
+CLIENTUID=$4
+CLIENTGROUP=$5
+CLIENTGID=$6
+
+if ! pw groupshow "$CLIENTGROUP" 2>/dev/null 1>&2; then
+	if pw groupadd $CLIENTGROUP -g $CLIENTGID; then
+		echo "=> Added group \"$CLIENTGROUP\"."
+	else
+                echo "=> Adding group \"$CLIENTGROUP\" failed..."
+                exit 1
+        fi
+fi
+
+if ! pw usershow "$CLIENTUSER" 2>/dev/null 1>&2; then
+        if pw useradd $CLIENTUSER -u $CLIENTUID -g $CLIENTGROUP -h - \
+                -s "/sbin/nologin" -d "/nonexistent" \
+                -c "distributed.net client and proxy pseudo-user"; \
+        then
+                echo "=> Added user \"$CLIENTUSER\"."
+        else
+                echo "=> Adding user \"$CLIENTUSER\" failed..."
+                exit 1
+        fi
+fi
+exit 0