Currently apache calls enewuser with /bin/false with /bin/false as shell to create an user that cannot login. This breaks on BSD and Darwin that uses other shells to login-disabled accounts, passing -1 (default parameter) let enewuser decide which shell to use. Thanks, Diego
Instead of opening one bug per package, maybe it's better creating a single bug report for all :) I've wrote a little ruby script to check for erroneous syntax on last and last-unmasked (if different) ebuilds, and run it to check for enewuser called with /bin/false as shell (that breaks Gentoo/FreeBSD and Gentoo/Darwin). As said, -1 is what you should use to let enewuser select the right no-login shell depending on userland. *-marked are unmaintained, I'll take care app-admin/tenshi/tenshi-0.3.4.ebuild app-antivirus/clamav/clamav-0.86.2.ebuild app-crypt/trousers/trousers-0.2.1.ebuild dev-db/mysql/mysql-5.0.9_beta-r2.ebuild dev-db/mysql/mysql-4.0.25-r2.ebuild dev-dotnet/xsp/xsp-1.0.9.ebuild dev-util/cvsd/cvsd-1.0.8.ebuild mail-filter/qmail-scanner/qmail-scanner-1.25-r1.ebuild mail-filter/amavisd-new/amavisd-new-2.3.2.ebuild mail-filter/postgrey/postgrey-1.21.ebuild mail-mta/xmail/xmail-1.21.ebuild mail-mta/qmail/qmail-1.03-r16.ebuild mail-mta/sendmail/sendmail-8.13.4-r1.ebuild mail-mta/postfix/postfix-2.2.4.ebuild mail-mta/postfix/postfix-2.2.2-r1.ebuild media-video/flumotion/flumotion-0.1.8.ebuild net-analyzer/scanlogd/scanlogd-2.2.5.ebuild net-analyzer/flow-tools/flow-tools-0.68-r1.ebuild net-analyzer/zabbix-agent/zabbix-agent-1.1_alpha7.ebuild net-analyzer/zabbix-server/zabbix-server-1.1_alpha7.ebuild net-analyzer/ntop/ntop-3.1.ebuild net-analyzer/snort/snort-2.4.0.ebuild net-analyzer/snort/snort-2.3.3-r1.ebuild net-analyzer/FlowScan/FlowScan-1.006-r2.ebuild *net-dns/ldapdns/ldapdns-2.06.ebuild net-dns/maradns/maradns-1.0.27.ebuild net-dns/bind/bind-9.3.1-r3.ebuild net-dns/pdnsd/pdnsd-1.2.2.ebuild *net-dns/dnrd/dnrd-2.19.1.ebuild net-dns/rbldnsd/rbldnsd-0.995.ebuild net-dns/ddclient/ddclient-3.6.6.ebuild net-ftp/frox/frox-0.7.18.ebuild *net-ftp/jftpgw/jftpgw-0.13.4-r1.ebuild net-ftp/ftpbase/ftpbase-0.00.ebuild net-im/jabberd/jabberd-2.0.9.ebuild net-im/jabberd/jabberd-1.4.3-r5.ebuild net-im/ejabberd/ejabberd-0.7.5.ebuild net-im/pymsn-t/pymsn-t-0.9.2.ebuild net-irc/srvx/srvx-1.3.0.2005_p9.ebuild net-mail/vpopmail/vpopmail-5.4.9-r2.ebuild net-mail/popa3d/popa3d-1.0.ebuild net-mail/mailman/mailman-2.1.6_rc4.ebuild net-mail/cmd5checkpw/cmd5checkpw-0.30.ebuild net-mail/dovecot/dovecot-0.99.14-r1.ebuild net-misc/ndtpd/ndtpd-3.1.5.ebuild net-misc/tor/tor-0.1.0.14.ebuild *net-misc/radvd/radvd-0.8.ebuild *net-misc/apt-proxy/apt-proxy-1.3.0.ebuild net-misc/nxserver-freenx/nxserver-freenx-0.4.0.ebuild net-misc/udhcp/udhcp-0.9.9_pre20041216-r1.ebuild net-misc/openssh/openssh-4.1_p1-r1.ebuild net-misc/asterisk/asterisk-1.0.9-r1.ebuild net-misc/dhcp/dhcp-3.0.2.ebuild net-misc/gofish/gofish-0.29.ebuild *net-misc/ser/ser-0.9.0.ebuild *net-misc/openntpd/openntpd-3.7_p1.ebuild *net-misc/mdidentd/mdidentd-1.04a.ebuild net-misc/entropy/entropy-0.8.2.418.ebuild *net-nds/portmap/portmap-5b-r9.ebuild net-nds/openldap/openldap-2.2.27-r1.ebuild net-p2p/gnunet/gnunet-0.6.6b-r1.ebuild net-p2p/amule/amule-2.0.3.ebuild net-www/apache/apache-2.0.54-r9.ebuild net-zope/zope/zope-2.8.0.ebuild sci-misc/boinc/boinc-4.72.20050813.ebuild sys-apps/hal/hal-0.5.2.ebuild sys-apps/hal/hal-0.4.8.ebuild sys-apps/dbus/dbus-0.35.2.ebuild sys-apps/dbus/dbus-0.23.4-r1.ebuild sys-fs/captive/captive-1.1.5-r2.ebuild www-apps/rt/rt-3.4.3.ebuild www-servers/shttpd/shttpd-1.25.ebuild *www-servers/publicfile/publicfile-0.52-r1.ebuild www-servers/fnord/fnord-1.9.ebuild www-servers/aolserver/aolserver-4.0.9-r1.ebuild www-servers/skunkweb/skunkweb-3.4_beta5-r1.ebuild x11-apps/xfs/xfs-0.99.0-r1.ebuild x11-base/xorg-x11/xorg-x11-6.8.99.15.ebuild
Some background would be helpful. Is the problem that these userlands lack /bin/false, or just that they don't support setting a user's shell to /bin/false when you want to disable logins? Many thanks, Stu
net-irc done
captive done
/bin/false is not present on Darwin and on FreeBSD, and it's in /usr/bin/false (so /bin/false it's not in shell file -> invalid shell -> enewuser fail). For darwin /usr/bin/false is a valid shell, so it's used. For FreeBSD /usr/sbin/nologin is used instead. enewuser function take care of selecting the right shell when not specified or "-1", depending on current ${USERLAND} value.
different userlands have better nologin shells ... all this background info was posted to the gentoo-dev mailing list some time ago already
app-antivirus/clamav done
dev-dotnet/xsp done
net-ftp/ftpbase fixed
Ramereth fixed xsp, removing myself.
www-servers/fnord and dev-util/cvsd done.
Done, on behalf of net-mail: mail-filter/qmail-scanner mail-filter/amavisd-new mail-filter/postgrey mail-mta/xmail mail-mta/qmail mail-mta/sendmail mail-mta/postfix net-mail/vpopmail net-mail/popa3d net-mail/mailman net-mail/cmd5checkpw net-mail/dovecot
net-analyzer/{flow-tools,ntop,scanlogd,snort} done.
fixed app-admin/tenshi
www-servers/skunkweb fixed
net-misc/asterisk done net-misc/ser has already been fixed by Diego
Fixed sci-misc/boinc.
www-servers/aolserver done.
net-www/apache fixed
xorg, xfs fixed.
Reopening, xorg is not the last one :) Thanks though, removing x11 from CC.
That's bugzilla being retarded.
www-apps/rt done
net-zope done
net-im fixed
net-ftp/frox net-analyzer/flow-tools app-crypt/trousers net-misc/asterisk fixed
fixed: net-misc/udhcp net-misc/openssh net-misc/dhcp net-misc/openntpd net-misc/entropy
Forgot to add... if you want me to take care of fixing these bugs for your/your herd's packages, just state so and remove yourself/the herd from CC, and I'll do the change as stated (enewuser, cp -a and chown, it's a multi-comment). If it's for a herd, please say which herd you're referring to as i don't know them all by heart :)
Removing a couple of CC whose ebuilds are alredy fixed...
Fixed the HAL & dbus that I maintain. (dbus 0.3x & hal 0.5.x)
Updated list (much shorter :)) dev-db/mysql/mysql-5.0.9_beta-r2.ebuild: enewuser called with /bin/false [mysql] dev-db/mysql/mysql-4.0.25-r2.ebuild: enewuser called with /bin/false [mysql] media-video/flumotion/flumotion-0.1.8.ebuild: enewuser called with /bin/false [gstreamer] net-dns/maradns/maradns-1.0.27.ebuild: enewuser called with /bin/false [no-herd | matsuu@gentoo.org] net-dns/bind/bind-9.3.1-r3.ebuild: enewuser called with /bin/false [bind | voxus@gentoo.org] net-dns/pdnsd/pdnsd-1.2.2.ebuild: enewuser called with /bin/false [net-dialup] net-dns/rbldnsd/rbldnsd-0.995.ebuild: enewuser called with /bin/false [no-herd | chriswhite@gentoo.org] net-misc/ndtpd/ndtpd-3.1.5.ebuild: enewuser called with /bin/false [no-herd | usata@gentoo.org] net-misc/tor/tor-0.1.0.14.ebuild: enewuser called with /bin/false [no-herd | humpback@gentoo.org] net-misc/nxserver-freenx/nxserver-freenx-0.4.0.ebuild: enewuser called with /bin/false [no-herd | stuart@gentoo.org] net-misc/gofish/gofish-0.29.ebuild: enewuser called with /bin/false [no-herd | zul@gentoo.org] net-nds/openldap/openldap-2.2.28.ebuild: enewuser called with /bin/false [no-herd | robbat2@gentoo.org] net-p2p/gnunet/gnunet-0.6.6b-r1.ebuild: enewuser called with /bin/false [net-p2p] net-p2p/amule/amule-2.0.3.ebuild: enewuser called with /bin/false [net-p2p] sys-apps/hal/hal-0.4.8.ebuild: enewuser called with /bin/false [gnome, gentopia | foser@gentoo.org, cardoe@gentoo.org] sys-apps/dbus/dbus-0.23.4-r1.ebuild: enewuser called with /bin/false [base-system, gentopia | foser@gentoo.org, cardoe@gentoo.org] Affected herds: base-system, gentopia, net-p2p, gstreamer, mysql, gnome, net-dialup, bind, no-herd Affected devs: stuart@gentoo.org, matsuu@gentoo.org, cardoe@gentoo.org, zul@gentoo.org, foser@gentoo.org, humpback@gentoo.org, robbat2@gentoo.org, voxus@gentoo.org, chriswhite@gentoo.org, usata@gentoo.org
net-p2p done
fixed net-dns/rbldnsd
net-dns/maradns done
dev-db/mysql done
fixed net-dns/bind sorry for long delay.
media-video/flumotion/flumotion-0.1.8.ebuild: enewuser called with /bin/false [gstreamer] net-dns/pdnsd/pdnsd-1.2.2.ebuild: enewuser called with /bin/false [net-dialup] net-im/jive-messenger/jive-messenger-2.2.0.ebuild: enewuser called with /bin/false [lostlogic@gentoo.org] net-misc/ndtpd/ndtpd-3.1.5.ebuild: enewuser called with /bin/false [usata@gentoo.org] net-misc/tor/tor-0.1.0.14.ebuild: enewuser called with /bin/false [humpback@gentoo.org] net-misc/nxserver-freenx/nxserver-freenx-0.4.0.ebuild: enewuser called with /bin/false [stuart@gentoo.org] net-misc/asterisk/asterisk-1.2.0_beta1.ebuild: enewuser called with /bin/false [voip | stkn@gentoo.org] net-misc/gofish/gofish-0.29.ebuild: enewuser called with /bin/false [zul@gentoo.org] net-nds/openldap/openldap-2.2.28.ebuild: enewuser called with /bin/false [robbat2@gentoo.org] sys-apps/hal/hal-0.4.8.ebuild: enewuser called with /bin/false [gnome, gentopia | foser@gentoo.org, cardoe@gentoo.org] sys-apps/dbus/dbus-0.23.4-r1.ebuild: enewuser called with /bin/false [base-system, gentopia | foser@gentoo.org, cardoe@gentoo.org] Affected herds: base-system, gentopia, gstreamer, gnome, voip, net-dialup Affected devs: stkn@gentoo.org, stuart@gentoo.org, lostlogic@gentoo.org, cardoe@gentoo.org, zul@gentoo.org, foser@gentoo.org, humpback@gentoo.org, robbat2@gentoo.org, usata@gentoo.org
net-misc/gofish done
net-misc/tor fixed, sorry for the delay ....
net-dns/pdnsd fixed. sorry for not seeing this bug, but you failed to add net-proxy herd to CC.
media-video/flumotion done
Please I'd like to have this fixed before 30 september, else I'll start fixing that directly. Thanks. net-dns/pdnsd/pdnsd-1.2.3.ebuild: enewuser called with /bin/false [net-dialup] net-im/jive-messenger/jive-messenger-2.2.0.ebuild: enewuser called with /bin/fal se [lostlogic@gentoo.org] net-misc/ndtpd/ndtpd-3.1.5.ebuild: enewuser called with /bin/false [usata@gentoo .org] net-misc/nxserver-freenx/nxserver-freenx-0.4.0.ebuild: enewuser called with /bin /false [stuart@gentoo.org] net-nds/openldap/openldap-2.2.28-r1.ebuild: enewuser called with /bin/false [rob bat2@gentoo.org] sys-apps/hal/hal-0.4.8.ebuild: enewuser called with /bin/false [gnome, gentopia | foser@gentoo.org, cardoe@gentoo.org] sys-apps/ivman/ivman-0.6.4.ebuild: enewuser called with /bin/false [genstef@gent oo.org] sys-apps/dbus/dbus-0.23.4-r1.ebuild: enewuser called with /bin/false [base-syste m, gentopia | foser@gentoo.org, cardoe@gentoo.org] Affected herds: base-system, gentopia, gnome, net-dialup Affected devs: stuart@gentoo.org, lostlogic@gentoo.org, cardoe@gentoo.org, foser @gentoo.org, robbat2@gentoo.org, genstef@gentoo.org, usata@gentoo.org Alin, you should fix the replication in pkg_preinst, too.
dbus and hal fixed.
(In reply to comment #42) > net-dns/pdnsd/pdnsd-1.2.3.ebuild: enewuser called with /bin/false [net-dialup] ... > Alin, you should fix the replication in pkg_preinst, too. fixed. appologies for my omision
net-im/jive-messenger/jive-messenger-2.2.0.ebuild: enewuser called with /bin/false [lostlogic@gentoo.org] net-misc/ndtpd/ndtpd-3.1.5.ebuild: enewuser called with /bin/false [usata@gentoo.org] net-misc/nxserver-freenx/nxserver-freenx-0.4.0.ebuild: enewuser called with /bin/false [stuart@gentoo.org] net-nds/openldap/openldap-2.2.28-r1.ebuild: enewuser called with /bin/false [robbat2@gentoo.org] Affected herds: Affected devs: stuart@gentoo.org, lostlogic@gentoo.org, robbat2@gentoo.org, usata@gentoo.org All the herd are clear now.
fixed openldap.
Ok I've fixed the remaining packages, hopefully this is not going to be reopen again.