Create a "dnetc" user and group that owns relevant dnetc

directories, files, and runs the client.

This removes all reliance on the "nobody" account so that the account
doesn't own any files or run any processes.

3 files changed, 47 insertions, 9 deletions

diff --git a/misc/dnetc/Makefile b/misc/dnetc/Makefile
index 7e91777..47f8d50 100644
--- a/misc/dnetc/Makefile
+++ b/misc/dnetc/Makefile
@@ -40,8 +40,10 @@ NO_BUILD=	yes
 BINDIR=		${PREFIX}/distributed.net
 LIBDIR=		${PREFIX}/etc/rc.d
 
-CLIENTUID=	nobody
-CLIENTGID=	daemon
+CLIENTUSER=	dnetc
+CLIENTUID=	26
+CLIENTGROUP=	${CLIENTUSER}
+CLIENTGID=	${CLIENTUID}
 
 SBINMODE=	700
 BINMODE=	700
@@ -49,23 +51,27 @@ BINMODE=	700
 MAN1=		dnetc.1
 
 do-configure:
-	if [ ! -f ${PREFIX}/dnetc.ini ]; then \
+	@if [ ! -f ${PREFIX}/dnetc.ini ]; then \
 		${INSTALL} -c -m 644 ${FILESDIR}/dnetc.ini ${WRKSRC}; \
 	fi
 
+pre-install:
+	@${ECHO} "==>  Creating custom user to run dnetc..."
+	${PKGINSTALL} ${PKGNAME} PRE-INSTALL "${CLIENTUSER}" "${CLIENTUID}" "${CLIENTGROUP}" "${CLIENTGID}"
+
 do-install:
-	if [ ! -d ${BINDIR} ]; then \
+	@if [ ! -d ${BINDIR} ]; then \
 		${MKDIR} ${BINDIR}; \
 	fi
 
-	${INSTALL} -c -m ${SBINMODE} -o ${CLIENTUID} -g ${CLIENTGID} ${WRKSRC}/dnetc ${BINDIR}
+	${INSTALL} -c -m ${SBINMODE} -o ${CLIENTUSER} -g ${CLIENTGROUP} ${WRKSRC}/dnetc ${BINDIR}
 
 	${SED} s#CHANGETHIS#${BINDIR}# < ${FILESDIR}/dnetc.sh > ${WRKSRC}/dnetc.sh.pathnames
 	${INSTALL} -c -m ${SBINMODE} ${WRKSRC}/dnetc.sh.pathnames ${LIBDIR}/dnetc.sh
 
 	${INSTALL_DATA} ${FILESDIR}/INFO ${BINDIR}
 
-	${CHOWN} ${CLIENTUID}:${CLIENTGID} ${BINDIR}
+	${CHOWN} ${CLIENTUSER}:${CLIENTGROUP} ${BINDIR}
 	${CHMOD} 775 ${BINDIR}
 
 	if [ ! -f ${BINDIR}/dnetc.sh ]; then \
@@ -73,7 +79,7 @@ do-install:
 	fi
 
 	${INSTALL_MAN} ${WRKSRC}/${MAN1} ${PREFIX}/man/man1
-	${INSTALL} -c -m 644 -o ${CLIENTUID} -g ${CLIENTGID} ${WRKDIR}/dnetc.ini ${BINDIR}/dnetc.ini.default
+	${INSTALL} -c -m 644 -o ${CLIENTUSER} -g ${CLIENTGROUP} ${WRKDIR}/dnetc.ini ${BINDIR}/dnetc.ini.default
 .if !exists(${BINDIR}/dnetc.ini)
 	@echo ""
 	@echo ""
@@ -89,7 +95,7 @@ do-install:
 	@echo ""
 	@echo ""
 	@echo ""
-	${INSTALL} -c -m 644 -o ${CLIENTUID} -g ${CLIENTGID} ${WRKDIR}/dnetc.ini ${BINDIR}
+	${INSTALL} -c -m 644 -o ${CLIENTUSER} -g ${CLIENTGROUP} ${WRKDIR}/dnetc.ini ${BINDIR}
 .endif
 
 .include <bsd.port.post.mk>
diff --git a/misc/dnetc/files/dnetc.sh b/misc/dnetc/files/dnetc.sh
index cccb86d..919e6f4 100644
--- a/misc/dnetc/files/dnetc.sh
+++ b/misc/dnetc/files/dnetc.sh
@@ -26,7 +26,7 @@ start)
 	fi
 
 	echo -n " dnetc"
-	su -m nobody -c "$dir/dnetc -quiet" 2>/dev/null >/dev/null &
+	su -m dnetc -c "$dir/dnetc -quiet" 2>/dev/null >/dev/null &
 	;;
 stop)
 	killall dnetc && echo -n " dnetc"
diff --git a/misc/dnetc/pkg-install b/misc/dnetc/pkg-install
new file mode 100644
index 0000000..d837ae3
--- /dev/null
+++ b/misc/dnetc/pkg-install
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+if [ "$2" != "PRE-INSTALL" ]; then
+    exit 0
+fi
+
+CLIENTUSER=$3
+CLIENTUID=$4
+CLIENTGROUP=$5
+CLIENTGID=$6
+
+if ! pw groupshow "$CLIENTGROUP" 2>/dev/null 1>&2; then
+	if pw groupadd $CLIENTGROUP -g $CLIENTGID; then
+		echo "=> Added group \"$CLIENTGROUP\"."
+	else
+                echo "=> Adding group \"$CLIENTGROUP\" failed..."
+                exit 1
+        fi
+fi
+
+if ! pw usershow "$CLIENTUSER" 2>/dev/null 1>&2; then
+        if pw useradd $CLIENTUSER -u $CLIENTUID -g $CLIENTGROUP -h - \
+                -s "/sbin/nologin" -d "/nonexistent" \
+                -c "distributed.net client and proxy pseudo-user"; \
+        then
+                echo "=> Added user \"$CLIENTUSER\"."
+        else
+                echo "=> Adding user \"$CLIENTUSER\" failed..."
+                exit 1
+        fi
+fi
+exit 0