Age | Commit message (Collapse) | Author | Files | Lines |
|
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
|
|
related packages.
|
|
* cvsd-buildroot: further portability improvements on 64 bit platforms
* added Portuguese debconf translation by Ricardo Silva
* added warnings and errors on failing to close a socket
|
|
changes from 1.0.11 to 1.0.12
-----------------------------
* fixes in cvsd-buildroot to not abort on failure of some commands
|
|
changes from 1.0.10 to 1.0.11
-----------------------------
* cvsd-buildroot should now install libraries in the same directory structure
as on the normal filesystem, resulting in better support for 64 bit systems
* other small improvements to cvsd-buildroot, including better error handling
and not overwriting devices
* small code improvements
|
|
Based on the work by Eric Schnoebelen and virtus@ in pkgsrc-wip.
DESCR:
cvsd is a wrapper program for cvs in pserver mode. It will run 'cvs
pserver' under a special uid/gid in a chroot jail.
cvsd is run as a daemon and is controlled through a configuration
file. It is relatively easy to configure and tools are provided
for easily setting up a rootjail.
This server can be useful if you want to run a public cvs pserver.
You should however be aware of the security limitations of running
a cvs pserver. If you want any kind of authentication you should
really consider using secure shell as a secure authentication
mechanism and transport. Passwords used in cvs pserver are transmitted
in plaintext and this wrapper won't change that.
This server adds a layer of security to cvs. cvs is a very powerful
tool and is capable of running scripts and other things. By running
cvs in a rootjail it is possible to limit the amount of "damage"
cvs can do if it is exploited. It is generally a good idea to run
cvsd without any write permissions to any directory on the system.
|