Commit 1c3779c5 authored by Jakub Jirutka's avatar Jakub Jirutka 🇺🇦
Browse files

testing/radsecproxy: don't run as root, run as unprivileged user

parent 15fb9d1b
......@@ -14,6 +14,8 @@ makedepends="
nettle-dev
openssl-dev
"
install="$pkgname.pre-install"
pkggroups="radsecproxy"
subpackages="$pkgname-doc $pkgname-openrc"
source="https://github.com/radsecproxy/radsecproxy/releases/download/$pkgver/radsecproxy-$pkgver.tar.gz
dont-ignore-logdestination-in-foreground.patch
......@@ -46,7 +48,7 @@ package() {
# NOTE: radsecproxy.conf-example is a garbage, so we rather install our
# minimal config that actually works.
install -Dm644 "$srcdir"/radsecproxy.conf "$pkgdir"/etc/radsecproxy.conf
install -Dm640 -g "${pkggroups%% *}" "$srcdir"/radsecproxy.conf "$pkgdir"/etc/radsecproxy.conf
install -Dm755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
install -Dm644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
......@@ -59,6 +61,6 @@ sha512sums="
e72a3b55089cb985503c74a0aa0c62e0a05ac5325217900d39aa87563dd639f154ee372ac5e62ecd5aed92b832b0e58bc43f9588ed7950ec731fa5b297e5c07c radsecproxy-1.9.1.tar.gz
b8fb597b7d972d4b1ca2063ded6a23ccecc90e84d303f7b7c52a82750b2eaf54c4a55d74bf190c4301e9b3fccf340974097438aa8b420bc98d2e18be14df9dc2 dont-ignore-logdestination-in-foreground.patch
d1cf3b812854f952d69d536fbd9381e71debdd083992a8882d68427ffbadc29f6cc73b43d61dcafacad731d3f78cd4828dc7c0ade7172947ddb68b08f28f0dc1 radsecproxy.conf
68f569eb4fe0b4f5e9c6e1f65a596b1cd4d38521adad782b80e6a3228f74ed86e02b962c2ccefa20b9b3b16649c03af7b9105b4ae3ad568a8c05b1acd12d3bc7 radsecproxy.initd
e268759550151b31dcbc41d63b4a3f5c99c5aab5e85ecc0b52fe0027dd918af0fae1fd7298b0abdf9e31c8764f80e98de65483d13bb57739468ae12c9cb480b8 radsecproxy.confd
d5d62277cb0c7dda3f5fdef7ed4fdda8359d382183ca83fad6a7b550d0f00606a3d0650cc50374d90cd9e6fccc9d565a638cb088d1a210d5db6c0cbd983e43b1 radsecproxy.initd
c4b2b996309be31476207fa97fbee4b32ce9ad295b94148270eba38588409729b37d07d17ceab85605b290b0ed4f3d3174802dad688555e68d864c0a0a45fb4f radsecproxy.confd
"
......@@ -3,6 +3,9 @@
# Path of the main configuration file.
#cfgfile="/etc/radsecproxy.conf"
# User (and group) to run radsecproxy.
#command_user="radsecproxy:radsecproxy"
# Additional options for radsecproxy.
# Run `radsecproxy -h` to see valid options.
#command_args=
......
......@@ -8,6 +8,7 @@ description_reopen="Reopen log files and reload TLS certificate CRLs"
extra_commands="checkconfig"
extra_started_commands="reopen"
: ${command_user:="radsecproxy:radsecproxy"}
: ${cfgfile:="/etc/radsecproxy.conf"}
command="/usr/sbin/radsecproxy"
......
#!/bin/sh
addgroup -S radsecproxy 2>/dev/null
adduser -S -D -H -h /dev/null -s /sbin/nologin -G radsecproxy -g radsecproxy radsecproxy 2>/dev/null
exit 0
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment