Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow installation as unprivileged user #1570

Closed
mobstef opened this issue Nov 12, 2018 · 2 comments
Closed

Allow installation as unprivileged user #1570

mobstef opened this issue Nov 12, 2018 · 2 comments

Comments

@mobstef
Copy link

mobstef commented Nov 12, 2018

I have prepared a patch for Makefile to resolve two issues I have hit when preparing FreeBSD port of OSSEC:

  1. The "/etc/localtime" is required to exist during installation process. It is copied to OSSEC "etc" directory. The question is why? Shouldn't it be copied at runtime in case it has changed after OSSEC installation? Anyway I still need to assume it may not be present during build on FreeBSD build servers. I have introduced a flag "INSTALL_LOCALTIME" set to "yes" by default. I just invoke "make" with the flag set to "no". In FreeBSD port the "/etc/localtime" will be checked for existence and copied during OSSEC startup.

  2. The FreeBSD build servers create binary packages from ports as non-root user. It is therefore essential, that the Makefile allows installation as non-root user too. The problem with current Makefile is that it explicitly references "root" user and "0" group. Additionally it sets permission on certain directories to 550 and later writes to them, which is possible by root, but not as an unprivileged user. The best solution I came up with is to replace every invocation of "install" command by a macro, that by default sets mode and ownership of files as it used to be ("INSTALL_CMD"). If anybody needs to skip permission and ownership setting, he just need to set "INSTALL_CMD=install".

I am of course open to discussion on the topic, but will be extremely glad to see it resolved for the next release after 3.1.0. The patch is for 3.1.0.

patch-src_Makefile.txt
@ddpbsd
Copy link
Member

ddpbsd commented Dec 6, 2018

  1. Seems reasonable. Probably just something in the ossec-control script? I'm not sure how this would affect systemdOS though.
  2. If I can ever get it to apply, I'll try it out.

ddpbsd added a commit to ddpbsd/ossec-hids that referenced this issue Dec 6, 2018
@ddpbsd
Allow root-less installations.
93a6ff2 
From @mobstef in issue ossec#1570:
"The FreeBSD build servers create binary packages from ports as non-root user. It is therefore essential, that the Makefile allows installation as non-root user too. The problem with current Makefile is that it explicitly references "root" user and "0" group. Additionally it sets permission on certain directories to 550 and later writes to them, which is possible by root, but not as an unprivileged user. The best solution I came up with is to replace every invocation of "install" command by a macro, that by default sets mode and ownership of files as it used to be ("INSTALL_CMD"). If anybody needs to skip permission and ownership setting, he just need to set "INSTALL_CMD=install"."
@ddpbsd ddpbsd mentioned this issue Dec 16, 2018
Merged
@ddpbsd
Copy link
Member

ddpbsd commented Dec 16, 2018

I opened pull request #1599 with your patch. Thanks!

@ddpbsd ddpbsd closed this as completed Dec 16, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ddpbsd @mobstef