Bug 141847 - %{_cyrususer} macro not used in some places
%{_cyrususer} macro not used in some places
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: cyrus-imapd (Show other bugs)
3
All Linux
medium Severity medium
: ---
: ---
Assigned To: John Dennis
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-12-03 19:10 EST by Matt Selsky
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-10 15:25:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Avoid hard-coding cyrus username (395 bytes, patch)
2004-12-03 19:14 EST, Matt Selsky
no flags Details | Diff
Avoid hard-coding cyrus username in init script (528 bytes, patch)
2004-12-03 19:16 EST, Matt Selsky
no flags Details | Diff
Avoid hard-coding cyrus username in cvt_cyrusdb_all (413 bytes, patch)
2004-12-03 19:19 EST, Matt Selsky
no flags Details | Diff
Update spec file to take advantage of above patches (1.71 KB, patch)
2004-12-03 19:28 EST, Matt Selsky
no flags Details | Diff
Don't hardcode username or groupname (730 bytes, patch)
2004-12-03 19:33 EST, Matt Selsky
no flags Details | Diff
Update spec file to fix cyrus-imapd.rpm_set_permissions as well (1.92 KB, patch)
2004-12-03 19:37 EST, Matt Selsky
no flags Details | Diff

  None (edit)
Description Matt Selsky 2004-12-03 19:10:25 EST
At our site, we needed to change the name of the default Cyrus user
from "cyrus" to "cyrusadm".  We changed this %define in the spec file,
but there are a few places in the source where this %define isn't used.
Comment 1 Matt Selsky 2004-12-03 19:14:34 EST
Created attachment 107875 [details]
Avoid hard-coding cyrus username
Comment 2 Matt Selsky 2004-12-03 19:16:56 EST
Created attachment 107876 [details]
Avoid hard-coding cyrus username in init script
Comment 3 Matt Selsky 2004-12-03 19:19:04 EST
Created attachment 107877 [details]
Avoid hard-coding cyrus username in cvt_cyrusdb_all
Comment 4 Matt Selsky 2004-12-03 19:28:42 EST
Created attachment 107878 [details]
Update spec file to take advantage of above patches
Comment 5 Matt Selsky 2004-12-03 19:33:17 EST
Created attachment 107879 [details]
Don't hardcode username or groupname
Comment 6 Matt Selsky 2004-12-03 19:37:41 EST
Created attachment 107880 [details]
Update spec file to fix cyrus-imapd.rpm_set_permissions as well
Comment 7 John Dennis 2004-12-06 13:14:02 EST
I can see the value in having the spec file properly build with an
alternate specification of the cyrus user. However there are two
things I noticed right away with your patches.

1) You didn't pass with-cyrus-user=%{_cyrususer} to configure, that
means you missed a significant part of the configuration.

2) I can't speak for Simon, but I would vastly prefer if the existing
variables and configuration mechanism were used instead of inventing
new ones. For example the Makefiles use, CYRUS_USER=@cyrus_user@, the
variable is CYRUS_USER and the substitution parameter used by
configure is @cyrus_user@. Rather than running sed with different
variables on the additional SOURCE files if they were added to
AC_OUTPUT and used the existing variables it would be much cleaner IMHO.

We can either take you work as a starting point or submit a new patch.
We try to keep our rpm in sync with Simon's so I'm going to CC him on
this bug and see if he has any comments.
Comment 8 Matt Selsky 2004-12-06 20:15:05 EST
About (1) above, you are correct.  I thought I had seen
--with-cyrus-user and -\-with-cyrus-group set, but I guess not.  This
is easily remedied.
                                                                     
          
Regarding (2) above, can AC_OUTPUT be used to change files not
included in the \main tarball?  The source files that I'm changing are
copied into the buildroot\ after configure/make/make install have
already been run.  Should they be appli\ed to the source tarball as
patches or something?  The other source file change\s are done using
sed so I had assumed that was an acceptable way of doing thing\s.
                                                                     
          
Please let me know how to proceed and I'd be happy to submit new patches.
Comment 9 Simon Matter 2004-12-07 06:59:31 EST
My first question is why did you have to rename the default cyrus user
to something else? From my point of view it's a bad idea which can be
compared to renaming the root user in any *X system. While it's
possible it's a dangerous thing which poeple will learn earlier or
later and then complain about it.

Most important reasons for not doing it in a packaged version:
- it will break 90% of cyrus-imapd related tools which are not part of
the rpm but very widely used.
- it's a change which can not be done once but needs additional work
and testing with every new release or inclusion of new contributed tools.
- updating a cyrus-imapd rpm on a system with renamed cyrus user may
result in a horrible mess.
- the _cyrususer macro is not a build time option.
- I have just checked source rpms for bind, apache, mysql, openldap,
sendmail and squid and none of them supports a renaming of usernames.

Even if we change all packaged scripts to use settings in
/etc/sysconfig/cyrus-imapd, where they belong, I really don't think
it's a good idea.
Comment 10 Matt Selsky 2004-12-07 13:34:07 EST
We already have a VIP user that's using the account "cyrus".  We
needed to go with something like "cyrusadm".
Comment 11 John Dennis 2005-02-10 15:25:57 EST
I think Simon's arguments in comment #9 out weigh the rare problem of
having previously allocated the user id cyrus to a non-system account.
There is a set of user names that should be reserved, cyrus is one of
them. They are documented in /usr/share/doc/setup-*/uidgid

Note You need to log in before you can comment on or make changes to this bug.