Bug 103421 - enewuser should *not* use /bin/false as shell
Bug#: 103421 (alt-enewuser)
Product: Gentoo/Alt
Version: unspecified
Platform: All
OS/Version: FreeBSD
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: bsd@gentoo.org
Reported By: flameeyes@gentoo.org
Component: Other
Summary: enewuser should *not* use /bin/false as shell
Opened: 2005-08-23 02:32 0000
Currently apache calls enewuser with /bin/false as shell to
create a user that cannot log in. This breaks on BSD and Darwin, which use
other shells for login-disabled accounts; passing -1 (default parameter) lets
enewuser decide which shell to use.
Thanks,
Diego
Instead of opening one bug per package, maybe it's better creating a single
bug report for all :)
I've written a little ruby script to check for erroneous syntax on last and
last-unmasked (if different) ebuilds, and ran it to check for enewuser called
with /bin/false as shell (that breaks Gentoo/FreeBSD and Gentoo/Darwin).
As said, -1 is what you should use to let enewuser select the right no-login
shell depending on userland.
*-marked are unmaintained, I'll take care
app-admin/tenshi/tenshi-0.3.4.ebuild
app-antivirus/clamav/clamav-0.86.2.ebuild
app-crypt/trousers/trousers-0.2.1.ebuild
dev-db/mysql/mysql-5.0.9_beta-r2.ebuild
dev-db/mysql/mysql-4.0.25-r2.ebuild
dev-dotnet/xsp/xsp-1.0.9.ebuild
dev-util/cvsd/cvsd-1.0.8.ebuild
mail-filter/qmail-scanner/qmail-scanner-1.25-r1.ebuild
mail-filter/amavisd-new/amavisd-new-2.3.2.ebuild
mail-filter/postgrey/postgrey-1.21.ebuild
mail-mta/xmail/xmail-1.21.ebuild
mail-mta/qmail/qmail-1.03-r16.ebuild
mail-mta/sendmail/sendmail-8.13.4-r1.ebuild
mail-mta/postfix/postfix-2.2.4.ebuild
mail-mta/postfix/postfix-2.2.2-r1.ebuild
media-video/flumotion/flumotion-0.1.8.ebuild
net-analyzer/scanlogd/scanlogd-2.2.5.ebuild
net-analyzer/flow-tools/flow-tools-0.68-r1.ebuild
net-analyzer/zabbix-agent/zabbix-agent-1.1_alpha7.ebuild
net-analyzer/zabbix-server/zabbix-server-1.1_alpha7.ebuild
net-analyzer/ntop/ntop-3.1.ebuild
net-analyzer/snort/snort-2.4.0.ebuild
net-analyzer/snort/snort-2.3.3-r1.ebuild
net-analyzer/FlowScan/FlowScan-1.006-r2.ebuild
*net-dns/ldapdns/ldapdns-2.06.ebuild
net-dns/maradns/maradns-1.0.27.ebuild
net-dns/bind/bind-9.3.1-r3.ebuild
net-dns/pdnsd/pdnsd-1.2.2.ebuild
*net-dns/dnrd/dnrd-2.19.1.ebuild
net-dns/rbldnsd/rbldnsd-0.995.ebuild
net-dns/ddclient/ddclient-3.6.6.ebuild
net-ftp/frox/frox-0.7.18.ebuild
*net-ftp/jftpgw/jftpgw-0.13.4-r1.ebuild
net-ftp/ftpbase/ftpbase-0.00.ebuild
net-im/jabberd/jabberd-2.0.9.ebuild
net-im/jabberd/jabberd-1.4.3-r5.ebuild
net-im/ejabberd/ejabberd-0.7.5.ebuild
net-im/pymsn-t/pymsn-t-0.9.2.ebuild
net-irc/srvx/srvx-1.3.0.2005_p9.ebuild
net-mail/vpopmail/vpopmail-5.4.9-r2.ebuild
net-mail/popa3d/popa3d-1.0.ebuild
net-mail/mailman/mailman-2.1.6_rc4.ebuild
net-mail/cmd5checkpw/cmd5checkpw-0.30.ebuild
net-mail/dovecot/dovecot-0.99.14-r1.ebuild
net-misc/ndtpd/ndtpd-3.1.5.ebuild
net-misc/tor/tor-0.1.0.14.ebuild
*net-misc/radvd/radvd-0.8.ebuild
*net-misc/apt-proxy/apt-proxy-1.3.0.ebuild
net-misc/nxserver-freenx/nxserver-freenx-0.4.0.ebuild
net-misc/udhcp/udhcp-0.9.9_pre20041216-r1.ebuild
net-misc/openssh/openssh-4.1_p1-r1.ebuild
net-misc/asterisk/asterisk-1.0.9-r1.ebuild
net-misc/dhcp/dhcp-3.0.2.ebuild
net-misc/gofish/gofish-0.29.ebuild
*net-misc/ser/ser-0.9.0.ebuild
*net-misc/openntpd/openntpd-3.7_p1.ebuild
*net-misc/mdidentd/mdidentd-1.04a.ebuild
net-misc/entropy/entropy-0.8.2.418.ebuild
*net-nds/portmap/portmap-5b-r9.ebuild
net-nds/openldap/openldap-2.2.27-r1.ebuild
net-p2p/gnunet/gnunet-0.6.6b-r1.ebuild
net-p2p/amule/amule-2.0.3.ebuild
net-www/apache/apache-2.0.54-r9.ebuild
net-zope/zope/zope-2.8.0.ebuild
sci-misc/boinc/boinc-4.72.20050813.ebuild
sys-apps/hal/hal-0.5.2.ebuild
sys-apps/hal/hal-0.4.8.ebuild
sys-apps/dbus/dbus-0.35.2.ebuild
sys-apps/dbus/dbus-0.23.4-r1.ebuild
sys-fs/captive/captive-1.1.5-r2.ebuild
www-apps/rt/rt-3.4.3.ebuild
www-servers/shttpd/shttpd-1.25.ebuild
*www-servers/publicfile/publicfile-0.52-r1.ebuild
www-servers/fnord/fnord-1.9.ebuild
www-servers/aolserver/aolserver-4.0.9-r1.ebuild
www-servers/skunkweb/skunkweb-3.4_beta5-r1.ebuild
x11-apps/xfs/xfs-0.99.0-r1.ebuild
x11-base/xorg-x11/xorg-x11-6.8.99.15.ebuild
Some background would be helpful. Is the problem that these userlands
lack /bin/false, or just that they don't support setting a user's shell
to /bin/false when you want to disable logins?
Many thanks,
Stu
/bin/false is not present on Darwin and on FreeBSD, it's in /usr/bin/false
(so /bin/false is not in the shell file -> invalid shell -> enewuser fails).
For Darwin /usr/bin/false is a valid shell, so it's used.
For FreeBSD /usr/sbin/nologin is used instead.
The enewuser function takes care of selecting the right shell when not specified or
"-1", depending on current ${USERLAND} value.
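The shell selection and the ebuild check described in this thread, sketched as an added example (not the eclass's code and not the reporter's Ruby script). The function names, the USERLAND strings `Darwin` and `BSD`, and the `/bin/false` fallback for other userlands are assumptions.

```bash
# Added example; function names are hypothetical, not the eclass's own code.

# No-login shell per userland, following the mapping given in this bug:
# Darwin -> /usr/bin/false, FreeBSD -> /usr/sbin/nologin.
# Assumed: the USERLAND strings "Darwin"/"BSD" and the /bin/false fallback.
nologin_shell_for() {
    case "$1" in
        Darwin) echo /usr/bin/false ;;
        BSD)    echo /usr/sbin/nologin ;;
        *)      echo /bin/false ;;
    esac
}

# Resolve the shell argument of an enewuser-style call: empty or -1 means
# "let the helper decide"; any other value is taken as given.
resolve_shell() {            # resolve_shell <requested-shell> <userland>
    case "$1" in
        ""|-1) nologin_shell_for "$2" ;;
        *)     echo "$1" ;;
    esac
}

# Succeed only if the shell appears as a whole line in the given shells file
# (comment lines ignored). A hard-coded /bin/false fails here on FreeBSD.
shell_is_listed() {          # shell_is_listed <shell> <shells-file>
    grep -v '^[[:space:]]*#' "$2" | grep -qxF -- "$1"
}

# Print "file:line" for every uncommented enewuser call that hard-codes
# /bin/false. Calls continued across lines with a backslash are not detected.
find_hardcoded_false() {     # find_hardcoded_false <ebuild>...
    grep -nHE '^[^#]*enewuser[[:space:]].*[[:space:]]"?/bin/false"?([[:space:]]|$)' "$@" \
        | cut -d: -f1,2
}

# When run directly with ebuild paths as arguments, report the offending lines.
if [ "$#" -gt 0 ]; then find_hardcoded_false "$@"; fi
```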
different userlands have better nologin shells ... all this background info was
posted to the gentoo-dev mailing list some time ago already
app-antivirus/clamav done
Ramereth fixed xsp, removing myself.
www-servers/fnord and dev-util/cvsd done.
Done, on behalf of net-mail:
mail-filter/qmail-scanner
mail-filter/amavisd-new
mail-filter/postgrey
mail-mta/xmail
mail-mta/qmail
mail-mta/sendmail
mail-mta/postfix
net-mail/vpopmail
net-mail/popa3d
net-mail/mailman
net-mail/cmd5checkpw
net-mail/dovecot
net-analyzer/{flow-tools,ntop,scanlogd,snort} done.
www-servers/skunkweb fixed
net-misc/asterisk done
net-misc/ser has already been fixed by Diego
www-servers/aolserver done.
Reopening, xorg is not the last one :)
Thanks though, removing x11 from CC.
That's bugzilla being retarded.
net-ftp/frox
net-analyzer/flow-tools
app-crypt/trousers
net-misc/asterisk fixed
fixed:
net-misc/udhcp
net-misc/openssh
net-misc/dhcp
net-misc/openntpd
net-misc/entropy
Forgot to add... if you want me to take care of fixing these bugs for
your/your herd's packages, just state so and remove yourself/the herd from CC,
and I'll do the change as stated (enewuser, cp -a and chown, it's a
multi-comment).
If it's for a herd, please say which herd you're referring to as i don't know
them all by heart :)
Removing a couple of CC whose ebuilds are already fixed...
Fixed the HAL & dbus that I maintain. (dbus 0.3x & hal 0.5.x)
Updated list (much shorter :))
dev-db/mysql/mysql-5.0.9_beta-r2.ebuild: enewuser called with /bin/false
[mysql]
dev-db/mysql/mysql-4.0.25-r2.ebuild: enewuser called with /bin/false [mysql]
media-video/flumotion/flumotion-0.1.8.ebuild: enewuser called with /bin/false
[gstreamer]
net-dns/maradns/maradns-1.0.27.ebuild: enewuser called with /bin/false
[no-herd | matsuu@gentoo.org]
net-dns/bind/bind-9.3.1-r3.ebuild: enewuser called with /bin/false [bind |
voxus@gentoo.org]
net-dns/pdnsd/pdnsd-1.2.2.ebuild: enewuser called with /bin/false [net-dialup]
net-dns/rbldnsd/rbldnsd-0.995.ebuild: enewuser called with /bin/false [no-herd
| chriswhite@gentoo.org]
net-misc/ndtpd/ndtpd-3.1.5.ebuild: enewuser called with /bin/false [no-herd |
usata@gentoo.org]
net-misc/tor/tor-0.1.0.14.ebuild: enewuser called with /bin/false [no-herd |
humpback@gentoo.org]
net-misc/nxserver-freenx/nxserver-freenx-0.4.0.ebuild: enewuser called
with /bin/false [no-herd | stuart@gentoo.org]
net-misc/gofish/gofish-0.29.ebuild: enewuser called with /bin/false [no-herd |
zul@gentoo.org]
net-nds/openldap/openldap-2.2.28.ebuild: enewuser called with /bin/false
[no-herd | robbat2@gentoo.org]
net-p2p/gnunet/gnunet-0.6.6b-r1.ebuild: enewuser called with /bin/false
[net-p2p]
net-p2p/amule/amule-2.0.3.ebuild: enewuser called with /bin/false [net-p2p]
sys-apps/hal/hal-0.4.8.ebuild: enewuser called with /bin/false [gnome,
gentopia | foser@gentoo.org, cardoe@gentoo.org]
sys-apps/dbus/dbus-0.23.4-r1.ebuild: enewuser called with /bin/false
[base-system, gentopia | foser@gentoo.org, cardoe@gentoo.org]
Affected herds: base-system, gentopia, net-p2p, gstreamer, mysql, gnome,
net-dialup, bind, no-herd
Affected devs: stuart@gentoo.org, matsuu@gentoo.org, cardoe@gentoo.org,
zul@gentoo.org, foser@gentoo.org, humpback@gentoo.org, robbat2@gentoo.org,
voxus@gentoo.org, chriswhite@gentoo.org, usata@gentoo.org
fixed net-dns/bind
sorry for long delay.
media-video/flumotion/flumotion-0.1.8.ebuild: enewuser called with /bin/false
[gstreamer]
net-dns/pdnsd/pdnsd-1.2.2.ebuild: enewuser called with /bin/false [net-dialup]
net-im/jive-messenger/jive-messenger-2.2.0.ebuild: enewuser called
with /bin/false [lostlogic@gentoo.org]
net-misc/ndtpd/ndtpd-3.1.5.ebuild: enewuser called with /bin/false
[usata@gentoo.org]
net-misc/tor/tor-0.1.0.14.ebuild: enewuser called with /bin/false
[humpback@gentoo.org]
net-misc/nxserver-freenx/nxserver-freenx-0.4.0.ebuild: enewuser called
with /bin/false [stuart@gentoo.org]
net-misc/asterisk/asterisk-1.2.0_beta1.ebuild: enewuser called with /bin/false
[voip | stkn@gentoo.org]
net-misc/gofish/gofish-0.29.ebuild: enewuser called with /bin/false
[zul@gentoo.org]
net-nds/openldap/openldap-2.2.28.ebuild: enewuser called with /bin/false
[robbat2@gentoo.org]
sys-apps/hal/hal-0.4.8.ebuild: enewuser called with /bin/false [gnome,
gentopia | foser@gentoo.org, cardoe@gentoo.org]
sys-apps/dbus/dbus-0.23.4-r1.ebuild: enewuser called with /bin/false
[base-system, gentopia | foser@gentoo.org, cardoe@gentoo.org]
Affected herds: base-system, gentopia, gstreamer, gnome, voip, net-dialup
Affected devs: stkn@gentoo.org, stuart@gentoo.org, lostlogic@gentoo.org,
cardoe@gentoo.org, zul@gentoo.org, foser@gentoo.org, humpback@gentoo.org,
robbat2@gentoo.org, usata@gentoo.org
net-misc/tor fixed, sorry for the delay ....
net-dns/pdnsd fixed.
sorry for not seeing this bug, but you failed to add net-proxy herd to CC.
media-video/flumotion done
Please I'd like to have this fixed before 30 september, else I'll start fixing
that directly.
Thanks.
net-dns/pdnsd/pdnsd-1.2.3.ebuild: enewuser called with /bin/false [net-dialup]
net-im/jive-messenger/jive-messenger-2.2.0.ebuild: enewuser called
with /bin/false [lostlogic@gentoo.org]
net-misc/ndtpd/ndtpd-3.1.5.ebuild: enewuser called with /bin/false
[usata@gentoo.org]
net-misc/nxserver-freenx/nxserver-freenx-0.4.0.ebuild: enewuser called
with /bin/false [stuart@gentoo.org]
net-nds/openldap/openldap-2.2.28-r1.ebuild: enewuser called with /bin/false
[robbat2@gentoo.org]
sys-apps/hal/hal-0.4.8.ebuild: enewuser called with /bin/false [gnome,
gentopia | foser@gentoo.org, cardoe@gentoo.org]
sys-apps/ivman/ivman-0.6.4.ebuild: enewuser called with /bin/false
[genstef@gentoo.org]
sys-apps/dbus/dbus-0.23.4-r1.ebuild: enewuser called with /bin/false
[base-system, gentopia | foser@gentoo.org, cardoe@gentoo.org]
Affected herds: base-system, gentopia, gnome, net-dialup
Affected devs: stuart@gentoo.org, lostlogic@gentoo.org, cardoe@gentoo.org,
foser@gentoo.org, robbat2@gentoo.org, genstef@gentoo.org, usata@gentoo.org
Alin, you should fix the replication in pkg_preinst, too.
(In reply to comment #42)
> net-dns/pdnsd/pdnsd-1.2.3.ebuild: enewuser called with /bin/false [net-dialup]
...
> Alin, you should fix the replication in pkg_preinst, too.
fixed. apologies for my omission
Ok I've fixed the remaining packages, hopefully this is not going to be reopened
again.