run as unprivileged user

diff --git a/config.patch b/config.patch
index b48d6112e15c6b145aacfc5371d979d3375596fc..66ba3cd1239422e013f5561c9521cfe7bd551d1c 100644 (file)
--- a/config.patch
+++ b/config.patch
@@ -1,11 +1,14 @@
---- ddclient-3.8.3/ddclient.conf       2015-09-23 08:29:05.051308301 +0300
-+++ ddclient-3.8.3/ddclient.conf       2015-05-30 12:37:38.000000000 +0300
-@@ -20,7 +20,7 @@
+--- ddclient-3.8.3/ddclient.conf       2015-05-30 12:37:38.000000000 +0300
++++ ddclient-3.8.3/ddclient.conf       2015-09-23 08:33:27.228276894 +0300
+@@ -20,9 +20,9 @@
  ######################################################################
  daemon=300                            # check every 300 seconds
  syslog=yes                            # log update msgs to syslog
 -mail=root                             # mail all msgs to root
 +#mail=root                            # mail all msgs to root
  mail-failure=root                     # mail failed update msgs to root
- pid=/var/run/ddclient.pid             # record PID in file.
+-pid=/var/run/ddclient.pid             # record PID in file.
++pid=/var/run/ddclient/ddclient.pid            # record PID in file.
  ssl=yes                                       # use ssl-support.  Works with
+                                       # ssl-library
+ # postscript=script                   # run script after updating.  The

diff --git a/ddclient.init b/ddclient.init
index 8ba3ac61947ba9f1e10494add131003b5be1714a..3726da09f958be8233e95ff871f09b9db7b6a6a3 100755 (executable)
--- a/ddclient.init
+++ b/ddclient.init
@@ -17,6 +17,8 @@
 DDCLIENT_OPTIONS="-daemon 300"
 [ -f /etc/sysconfig/ddclient ] && . /etc/sysconfig/ddclient
 
+pidfile=/var/run/ddclient/ddclient.pid
+
 # Check that networking is up.
 if is_yes "${NETWORKING}"; then
        if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status ]; then
@@ -35,7 +37,7 @@ start() {
        fi
 
        msg_starting "Dynamic DNS Client"
-       daemon /usr/sbin/ddclient $DDCLIENT_OPTIONS
+       daemon --user ddclient /usr/sbin/ddclient $DDCLIENT_OPTIONS
        RETVAL=$?
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ddclient
 }
@@ -47,8 +49,8 @@ stop() {
        fi
 
        msg_stopping "Dynamic DNS Client"
-       killproc ddclient
-       rm -f /var/run/ddclient.pid /var/lock/subsys/ddclient >/dev/null 2>&1
+       killproc ddclient --pidfile $pidfile
+       rm -f $pidfile /var/lock/subsys/ddclient >/dev/null 2>&1
 }
 
 reload() {
@@ -80,7 +82,7 @@ case "$1" in
        reload
        ;;
   status)
-       status ddclient
+       status --pidfile $pidfile ddclient
        exit $?
        ;;
   *)

diff --git a/ddclient.spec b/ddclient.spec
index 54139696e0acbfeef8cbfb25b38747d0f419abb9..8ca46d2974046b41c7034412e7e74303bb6be745 100644 (file)
--- a/ddclient.spec
+++ b/ddclient.spec
@@ -18,7 +18,15 @@ Patch0:              config.patch
 URL:           http://ddclient.sourceforge.net/
 BuildRequires: rpm-perlprov
 BuildRequires: rpmbuild(macros) >= 1.268
+Provides:      group(ddclient)
+Provides:      user(ddclient)
 Requires(post,preun):  /sbin/chkconfig
+Requires(postun):      /usr/sbin/groupdel
+Requires(postun):      /usr/sbin/userdel
+Requires(pre): /bin/id
+Requires(pre): /usr/bin/getgid
+Requires(pre): /usr/sbin/groupadd
+Requires(pre): /usr/sbin/useradd
 Requires:      rc-scripts
 # for freedns: Digest::SHA1, IO::Socket::SSL
 Suggests:      perl-Digest-SHA1
@@ -28,6 +36,9 @@ Suggests:     perl-JSON-Any
 BuildArch:     noarch
 BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
+%define                cachedir        %{_localstatedir}/cache/ddclient
+%define                rundir          %{_localstatedir}/run/ddclient
+
 %description
 DDclient is a small full featured client with FULL DynDNS NIC2
 support, requiring only Perl and no additional modules. It runs under
@@ -73,16 +84,23 @@ cp -p sample-etc_ddclient.conf %{name}.conf
 
 %install
 rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sysconfdir}/ddclient,/etc/{rc.d/init.d,sysconfig,NetworkManager/dispatcher.d},%{_sbindir},%{_var}/cache/%{name}}
+install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},/etc/{rc.d/init.d,sysconfig,NetworkManager/dispatcher.d}} \
+       $RPM_BUILD_ROOT{%{_sbindir},%{cachedir},%{rundir}}
+
 cp -p %{name}.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
 install -p %{name} $RPM_BUILD_ROOT%{_sbindir}
 install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
 cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
 install -p %{SOURCE3} $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/50-%{name}
+touch $RPM_BUILD_ROOT%{cachedir}/%{name}.cache
 
 %clean
 rm -rf $RPM_BUILD_ROOT
 
+%pre
+%groupadd -g 325 ddclient
+%useradd -u 525 -d /var/run/%{name} -g ddclient -c "ddclient user" ddclient
+
 %post
 /sbin/chkconfig --add %{name}
 %service %{name} restart "%{name} daemon"
@@ -93,6 +111,12 @@ if [ "$1" = "0" ]; then
        /sbin/chkconfig --del %{name}
 fi
 
+%postun
+if [ "$1" = "0" ]; then
+       %userremove ddclient
+       %groupremove ddclient
+fi
+
 %triggerpostun -- ddclient < 1:3.6.4
 if [ -f /etc/ddclient.conf.rpmsave ]; then
        echo "Moving config to new location /etc/ddclient"
@@ -106,8 +130,11 @@ fi
 %doc ChangeLog Changelog.old README*
 %attr(755,root,root) %{_sbindir}/ddclient
 %dir %{_sysconfdir}/%{name}
-%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/%{name}.conf
+%attr(640,root,ddclient) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/%{name}.conf
 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/ddclient
 %attr(754,root,root) /etc/rc.d/init.d/%{name}
-%dir %{_var}/cache/%{name}
 %attr(755,root,root) /etc/NetworkManager/dispatcher.d/50-%{name}
+
+%dir %attr(770,root,ddclient) %{cachedir}
+%ghost %attr(600,ddclient,ddclient) %ghost %{cachedir}/%{name}.cache
+%dir %attr(770,root,ddclient) %{rundir}