Bug 141847 - %{_cyrususer} macro not used in some places
Summary: %{_cyrususer} macro not used in some places
Alias: None
Product: Fedora
Classification: Fedora
Component: cyrus-imapd   
(Show other bugs)
Version: 3
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: John Dennis
QA Contact: Brian Brock
Depends On:
TreeView+ depends on / blocked
Reported: 2004-12-04 00:10 UTC by Matt Selsky
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-02-10 20:25:57 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Avoid hard-coding cyrus username (395 bytes, patch)
2004-12-04 00:14 UTC, Matt Selsky
no flags Details | Diff
Avoid hard-coding cyrus username in init script (528 bytes, patch)
2004-12-04 00:16 UTC, Matt Selsky
no flags Details | Diff
Avoid hard-coding cyrus username in cvt_cyrusdb_all (413 bytes, patch)
2004-12-04 00:19 UTC, Matt Selsky
no flags Details | Diff
Update spec file to take advantage of above patches (1.71 KB, patch)
2004-12-04 00:28 UTC, Matt Selsky
no flags Details | Diff
Don't hardcode username or groupname (730 bytes, patch)
2004-12-04 00:33 UTC, Matt Selsky
no flags Details | Diff
Update spec file to fix cyrus-imapd.rpm_set_permissions as well (1.92 KB, patch)
2004-12-04 00:37 UTC, Matt Selsky
no flags Details | Diff

Description Matt Selsky 2004-12-04 00:10:25 UTC
At our site, we needed to change the name of the default Cyrus user
from "cyrus" to "cyrusadm".  We changed this %define in the spec file,
but there are a few places in the source where this %define isn't used.

Comment 1 Matt Selsky 2004-12-04 00:14:34 UTC
Created attachment 107875 [details]
Avoid hard-coding cyrus username

Comment 2 Matt Selsky 2004-12-04 00:16:56 UTC
Created attachment 107876 [details]
Avoid hard-coding cyrus username in init script

Comment 3 Matt Selsky 2004-12-04 00:19:04 UTC
Created attachment 107877 [details]
Avoid hard-coding cyrus username in cvt_cyrusdb_all

Comment 4 Matt Selsky 2004-12-04 00:28:42 UTC
Created attachment 107878 [details]
Update spec file to take advantage of above patches

Comment 5 Matt Selsky 2004-12-04 00:33:17 UTC
Created attachment 107879 [details]
Don't hardcode username or groupname

Comment 6 Matt Selsky 2004-12-04 00:37:41 UTC
Created attachment 107880 [details]
Update spec file to fix cyrus-imapd.rpm_set_permissions as well

Comment 7 John Dennis 2004-12-06 18:14:02 UTC
I can see the value in having the spec file properly build with an
alternate specification of the cyrus user. However there are two
things I noticed right away with your patches.

1) You didn't pass with-cyrus-user=%{_cyrususer} to configure, that
means you missed a significant part of the configuration.

2) I can't speak for Simon, but I would vastly prefer if the existing
variables and configuration mechanism were used instead of inventing
new ones. For example the Makefiles use, CYRUS_USER=@cyrus_user@, the
variable is CYRUS_USER and the substitution parameter used by
configure is @cyrus_user@. Rather than running sed with different
variables on the additional SOURCE files if they were added to
AC_OUTPUT and used the existing variables it would be much cleaner IMHO.

We can either take you work as a starting point or submit a new patch.
We try to keep our rpm in sync with Simon's so I'm going to CC him on
this bug and see if he has any comments.

Comment 8 Matt Selsky 2004-12-07 01:15:05 UTC
About (1) above, you are correct.  I thought I had seen
--with-cyrus-user and -\-with-cyrus-group set, but I guess not.  This
is easily remedied.
Regarding (2) above, can AC_OUTPUT be used to change files not
included in the \main tarball?  The source files that I'm changing are
copied into the buildroot\ after configure/make/make install have
already been run.  Should they be appli\ed to the source tarball as
patches or something?  The other source file change\s are done using
sed so I had assumed that was an acceptable way of doing thing\s.
Please let me know how to proceed and I'd be happy to submit new patches.

Comment 9 Simon Matter 2004-12-07 11:59:31 UTC
My first question is why did you have to rename the default cyrus user
to something else? From my point of view it's a bad idea which can be
compared to renaming the root user in any *X system. While it's
possible it's a dangerous thing which poeple will learn earlier or
later and then complain about it.

Most important reasons for not doing it in a packaged version:
- it will break 90% of cyrus-imapd related tools which are not part of
the rpm but very widely used.
- it's a change which can not be done once but needs additional work
and testing with every new release or inclusion of new contributed tools.
- updating a cyrus-imapd rpm on a system with renamed cyrus user may
result in a horrible mess.
- the _cyrususer macro is not a build time option.
- I have just checked source rpms for bind, apache, mysql, openldap,
sendmail and squid and none of them supports a renaming of usernames.

Even if we change all packaged scripts to use settings in
/etc/sysconfig/cyrus-imapd, where they belong, I really don't think
it's a good idea.

Comment 10 Matt Selsky 2004-12-07 18:34:07 UTC
We already have a VIP user that's using the account "cyrus".  We
needed to go with something like "cyrusadm".

Comment 11 John Dennis 2005-02-10 20:25:57 UTC
I think Simon's arguments in comment #9 out weigh the rare problem of
having previously allocated the user id cyrus to a non-system account.
There is a set of user names that should be reserved, cyrus is one of
them. They are documented in /usr/share/doc/setup-*/uidgid

Note You need to log in before you can comment on or make changes to this bug.