Date: Fri, 26 Sep 2003 19:05:13 +0200 From: Oliver Eikemeier <eikemeier@fillmore-labs.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/57256: port security/clamav: should not issue rmuser -y on deinstall Message-ID: <3F7471C9.2000606@fillmore-labs.com> Resent-Message-ID: <200309261710.h8QHAEd7042209@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 57256 >Category: ports >Synopsis: port security/clamav: should not issue rmuser -y on deinstall >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Sep 26 10:10:14 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Oliver Eikemeier >Release: FreeBSD 5.1-CURRENT i386 >Organization: Fillmore Labs - http://www.fillmore-labs.com >Environment: System: FreeBSD nuuk.fillmore-labs.com 5.1-CURRENT >Description: PR 53305 added @unexec rmuser -y clamav to pkg-plist. This deletes the clamav user and any additional files. This should *only* happen on complete deinstalls, with user confirmation, *never* on upgrades. The clamav user is subsequently re-added, with a possible different user id. Any other group memberships are lost, i.e. if clamav has been added to the group 'mail' it isn't after an upgrade. If I integrated clamav in exim following Sheldon Hearns excellent instructions (${PREFIX}/share/doc/exim/POST-INSTALL-NOTES.clamd in the exim port) my mail server will stop working as a result of the upgrade. A changing user id implies that clamav can't access /var/run/clamav and create a socket there. >How-To-Repeat: # portupgrade -f 'clamav-*' ---> Uninstalling the old version ---> Deinstalling 'clamav-0.60_1' ---> Preserving /usr/local/lib/libclamav.so.1 as /usr/local/lib/compat/pkg/libclamav.so.1 pkg_delete: '/usr/local/share/clamav/viruses.db' fails original MD5 checksum - deleted anyway. pkg_delete: '/usr/local/share/clamav/viruses.db2' fails original MD5 checksum - deleted anyway. /usr/sbin/rmuser: Informational: Home /nonexistent is not a directory, so it won't be removed Killed process(es) belonging to clamav. Updating password file, updating databases, done. Updating group file: mail (removing group clamav -- personal group is empty) done. Removing files belonging to clamav from /tmp: done. Removing files belonging to clamav from /var/tmp: done. Removing files belonging to clamav from /var/tmp/vi.recover: done. [Updating the pkgdb <format:bdb1_btree> in /var/db/pkg ... - 91 packages found (-1 +0) (...) done] ---> Installing the new version via the port ===> Installing for clamav-0.60_2 [...] ===> Creating custom user to run clamav... /bin/sh /usr/ports/security/clamav/pkg-install clamav-0.60_2 PRE-INSTALL => Added group "clamav". => Added user "clamav". >Fix: Remove @unexec rmuser -y clamav from pkg-plist. If necessary, add a message in pkg-deinstall, telling the user to do this step manually. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F7471C9.2000606>