Date: Fri, 7 Dec 2001 06:10:02 -0800 (PST) From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: freebsd-ports@FreeBSD.org Subject: Re: ports/32536: apache13+mod_ssl deletes www user on pkg_delete Message-ID: <200112071410.fB7EA2291290@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/32536; it has been noted by GNATS. From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Jun Kuriyama <kuriyama@imgsrc.co.jp> Cc: Vivek Khera <khera@kciLink.com>, FreeBSD-gnats-submit@FreeBSD.org Subject: Re: ports/32536: apache13+mod_ssl deletes www user on pkg_delete Date: Fri, 7 Dec 2001 17:08:29 +0300 On Fri, Dec 07, 2001 at 23:07:11 +0900, Jun Kuriyama wrote: > > Ache, what do you think about this? I plan to fix it. > > At Wed, 5 Dec 2001 17:00:10 +0000 (UTC), > Vivek Khera wrote: > > In a *major* violation of POLA, when I went to upgrade apache + > > mod_ssl the other day, it removed and then recreated the www user > > account. However, the UID changed from what it was, the home dir > > changed, login class changed, and group memberships were lost. > > Bascially, it screwed my environment. Luckily, it was only a > > development server, and it asked me before deleting the crontab file. > > > > What is the point of unilaterally deleting the existing www user > > account on deletion of the package? It just seems wrong. > > > > As a reference, the mail/postfix-current port uses a "postfix" user > > account, yet doesn't delete it when the package is deleted. This > > makes for easy upgrades. At worst, it should ask if the user should > > be deleted. > > > -- > Jun Kuriyama <kuriyama@imgsrc.co.jp> // IMG SRC, Inc. > <kuriyama@FreeBSD.org> // FreeBSD Project -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200112071410.fB7EA2291290>