From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1InwOQ-0003W9-3y for garchives@archives.gentoo.org; Fri, 02 Nov 2007 13:16:58 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.1/8.14.0) with SMTP id lA2DG7Fu006792; Fri, 2 Nov 2007 13:16:07 GMT Received: from farragut.cafarelli.fr (farragut.cafarelli.fr [88.191.27.4]) by robin.gentoo.org (8.14.1/8.14.0) with ESMTP id lA2DEC8h004373 for ; Fri, 2 Nov 2007 13:14:12 GMT Received: by farragut.cafarelli.fr (Postfix, from userid 81) id 8F455224EBA; Fri, 2 Nov 2007 14:17:45 +0100 (CET) To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in net-misc/nxserver-freenx: nxserver-freenx-0.7.0-r1.ebuild ChangeLog nxserver-freenx-0.7.1.ebuild Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Date: Fri, 2 Nov 2007 14:17:45 +0100 From: Bernard Cafarelli Organization: Gentoo Foundation, Inc. In-Reply-To: <200711020335.35988.vapier@gentoo.org> References: <200711020335.35988.vapier@gentoo.org> Message-ID: <601f793be4f9bd08aab8264b38ce6da8@localhost> X-Sender: voyageur@gentoo.org User-Agent: RoundCube Webmail/0.1b Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by robin.gentoo.org id lA2DG7He006792 X-Archives-Salt: 9ffa803b-ff66-4651-a64e-afcf0212143b X-Archives-Hash: 4b88732bdc8fc3824f722325d8692f9f On Fri, 2 Nov 2007 03:35:35 -0400, Mike Frysinger =0D wrote:=0D > On Thursday 01 November 2007, Bernard Cafarelli wrote:=0D >> Le Thu, 1 Nov 2007 16:06:51 +0100=0D >>=0D >> Marius Mauch a =C3=A9crit:=0D >> > On Thu, 1 Nov 2007 15:43:18 +0100=0D >> >=0D >> > Bernard Cafarelli wrote:=0D >> > > Le Wed, 31 Oct 2007 16:42:35 -0700=0D >> > >=0D >> > > Donnie Berkholz a =C3=A9crit:=0D >> > > > On 19:49 Wed 31 Oct , Bernard Cafarelli (voyageur) wrote:=0D >> > > > > 1.1=0D >> > > > > net-misc/nxserver-freenx/nxserver-freenx-0.7.1.ebuild=0D >> > > > >=0D >> > > > > file :=0D >> > > > >=0D > http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/nxserver-f=0D >> > > > >reenx/nxserver-freenx-0.7.1.ebuild?rev=3D1.1&view=3Dmarkup plai= n:=0D >> > > > >=0D > http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/nxserver-f=0D >> > > >=0D >>reenx/nxserver-freenx-0.7.1.ebuild?rev=3D1.1&content-type=3Dtext/plain=0D >> > > > >=0D >> > > > > pkg_postinst () {=0D >> > > > > usermod -s /usr/bin/nxserver nx || die "Unable to set=0D >> > > > > login shell of nx user!!" usermod -d ${NX_HOME_DIR} nx || die=0D >> > > > > "Unable to set home directory of nx user!!"=0D >> > > >=0D >> > > > This isn't safe with ROOT !=3D / and it looks wrong too, you oug= hta=0D >> > > > be using enewuser for this stuff.=0D >> > > >=0D >> > > > Thanks,=0D >> > > > Donnie=0D >> > >=0D >> > > The problem is, enewuser can not be used to modify already existin= g=0D >> > > user accounts.This happens if another nxserver was installed befor= e=0D >> > > (which uses the same account, but with different shell and home=0D >> > > directory).=0D >> > >=0D >> > > I'll fix ROOT handling in the meantime, this should be better:=0D >> > > usermod -s "${ROOT}"/usr/bin/nxserver nx=0D >> > > usermod -d "${ROOT}"{NX_HOME_DIR} nx=0D >> >=0D >> > Should it really? Wouldn't it modify /etc/passwd instead of the one = in=0D >> > $ROOT, in which case it would actually be worse?=0D >> > Might be better to make it conditional on ROOT =3D /, and show a=0D >> > warning if ROOT !=3D /, unless you can find a solution that is safe = for=0D >> > ROOT !=3D /=0D >>=0D >> Yes, as pointed out on IRC by zlin, this does not fix the problem at=0D >> all (and make it a little worse!).=0D >>=0D >> Making it conditional on ROOT !=3D / is a good workaround in the=0D >> meantime: not breaking anything in all cases, and as the problem only= =0D >> appears if a different nxserver was installed before, it still works i= n=0D >> most cases. Thanks!=0D > =0D > presumably you have init.d scripts which would start the daemons ? in=0D > that =0D > case, it'd make more sense i think to move the user account check to th= e =0D > init.d start() function and error out telling the user what to do inste= ad=0D > of =0D > modifying things on them (which i think is bad form). see the cheesy=0D > check =0D > in openntpd's "ntpd" init.d script as an example.=0D > -mike=0D =0D nxserver-freeedition has one, however freenx only relies on ssh (connecti= ng=0D as nx user will start up the "server").=0D Unless I add one for freenx that only does the user checking (so all NX=0D servers would include a init.d script).=0D =0D Another solution would be to fix and update the setup scripts from the NX= =0D servers themselves, but this is less portable...=0D =0D Bernard --=20 gentoo-dev@gentoo.org mailing list