Date: Fri, 7 Dec 2001 06:10:01 -0800 (PST) From: Jun Kuriyama <kuriyama@imgsrc.co.jp> To: freebsd-ports@FreeBSD.org Subject: Re: ports/32536: apache13+mod_ssl deletes www user on pkg_delete Message-ID: <200112071410.fB7EA1l91285@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/32536; it has been noted by GNATS.
From: Jun Kuriyama <kuriyama@imgsrc.co.jp>
To: ache@FreeBSD.org
Cc: Vivek Khera <khera@kciLink.com>
Subject: Re: ports/32536: apache13+mod_ssl deletes www user on pkg_delete
Date: Fri, 07 Dec 2001 23:07:11 +0900
Ache, what do you think about this?
At Wed, 5 Dec 2001 17:00:10 +0000 (UTC),
Vivek Khera wrote:
> In a *major* violation of POLA, when I went to upgrade apache +
> mod_ssl the other day, it removed and then recreated the www user
> account. However, the UID changed from what it was, the home dir
> changed, login class changed, and group memberships were lost.
> Bascially, it screwed my environment. Luckily, it was only a
> development server, and it asked me before deleting the crontab file.
>
> What is the point of unilaterally deleting the existing www user
> account on deletion of the package? It just seems wrong.
>
> As a reference, the mail/postfix-current port uses a "postfix" user
> account, yet doesn't delete it when the package is deleted. This
> makes for easy upgrades. At worst, it should ask if the user should
> be deleted.
--
Jun Kuriyama <kuriyama@imgsrc.co.jp> // IMG SRC, Inc.
<kuriyama@FreeBSD.org> // FreeBSD Project
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200112071410.fB7EA1l91285>