
security/installation question regarding plan



The program plan uses another executable called netplan to act as an IP
network server to manage appointment files. Under the vanilla compilation
and installation, the following happens with netplan:

   if run by root or setuid root, netplan switches to "nobody". The UID
   and GID of <nobody> are compiled in, not determined at runtime. netplan
   will refuse to run setgid-but-not-setuid root.

Also, netplan only reads and writes to 

LIB/netplan.dir the directory that netplan puts files into, and the only
                directory that netplan will read from (see Network
                Security).

where LIB under the vanilla installation would be /usr/local/lib.

Under the mostly complete debian packaging of plan, I have installed
netplan as /usr/lib/plan/netplan and netplan.dir as
/usr/lib/plan/netplan.dir. Christoph Lameter began packaging plan which
has allowed me to use the following postinst as a template (note
/usr/sbin/netplan will be changed to /usr/lib/netplan): 
--------------
#!/bin/sh -e

# Check if the "netplan" system user exists; create it if not.
# adduser fails when the user is already present, so the echo keeps
# the script going under -e.
adduser --system --home /var/lib/netplan netplan || echo "netplan user \
already exists."

# Create the home directory, owned by netplan and private to it.
# (GNU install takes the owner with -o, not -u.)
if [ ! -d /var/lib/netplan ]; then
        install -m 700 -o netplan -d /var/lib/netplan
fi

# Register the binary with suidmanager: package plan, owner netplan,
# group root, mode 4754 (setuid netplan).
suidregister -s plan /usr/sbin/netplan netplan root 4754
--------------
I am somewhat new to packaging, so I want to be sure I completely
understand what is going on here:
1) The system user netplan is created if it didn't already exist.
2) The system user netplan's home directory is created as /var/lib/netplan
   if it didn't already exist.
3) suidregister registers netplan in /etc/suid.conf and changes the suid
to netplan from nobody

Questions:
1) What is /var/lib/netplan used for? It seems to me that the only
   directory that is needed for netplan is /usr/lib/plan/netplan.dir.
2) Do I really need to change the suid of netplan from nobody to netplan? 
3) By using suidregister, isn't this creating a dependency on
   the suidmanager package?

Some of these questions may be stupid, but that's how I learn :). Any help
is gratefully appreciated. Cheers, Colin.

PS. This package will most likely not be uploaded until approx. June 17th
when I get a chance to get to the console of my debian machine so I can
try it under X.

--
	  Colin R. Telmer, Institute of Intergovernmental Relations
		School of Policy Studies, Queen's University
		     Kingston, Ontario, Canada, K7L-3N6
	      (613)545-6000x4219   telmerco@qed.econ.queensu.ca
     PGP Fingerprint = 09 E9 DA 66 9C EE 33 DC  B8 3B 97 0E 01 BC EC 0B
	   PGP Public Key at <URL:http://terrapin.econ.queensu.ca>
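An added example, not part of Colin's message and not code from the plan or suidmanager packages: a small POSIX shell audit of what the postinst above is supposed to leave behind. It checks that the registered binary has the expected owner and mode, that the data directory is private to its owner, and that the binary is not setgid-only (a combination netplan refuses to run with). Paths, owner and mode are passed as arguments; the values in the usage comment are the ones named in the message. It assumes a `stat` that accepts `-c` (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example (not from the original post): audit the installed layout
# the postinst is meant to produce. All checks print what they found and
# return non-zero on a mismatch, so they can be chained.

# Octal mode of a path as printed by stat, e.g. 4754 or 700.
mode_of() {
    stat -c %a "$1"
}

# Owner name of a path.
owner_of() {
    stat -c %U "$1"
}

# check_mode PATH EXPECTED_OCTAL  -> 0 if the mode matches exactly
check_mode() {
    actual=$(mode_of "$1") || return 1
    if [ "$actual" != "$2" ]; then
        echo "$1: mode is $actual, expected $2"
        return 1
    fi
    return 0
}

# check_owner PATH EXPECTED_USER  -> 0 if owned by that user
check_owner() {
    actual=$(owner_of "$1") || return 1
    if [ "$actual" != "$2" ]; then
        echo "$1: owner is $actual, expected $2"
        return 1
    fi
    return 0
}

# is_setgid_only OCTAL_MODE -> 0 if the setgid bit is set but setuid is not.
# stat prints three digits when no special bits are set, four otherwise;
# the leading digit carries setuid (4), setgid (2) and sticky (1).
is_setgid_only() {
    m=$1
    case ${#m} in
        4) special=${m%???} ;;
        *) special=0 ;;
    esac
    setuid=$(( special & 4 ))
    setgid=$(( special & 2 ))
    [ "$setgid" -ne 0 ] && [ "$setuid" -eq 0 ]
}

# audit_layout BINARY DATADIR OWNER BINMODE
# Runs every check and returns the number of failures (0 = all good).
# Usage for the layout in the message (hypothetical until installed):
#   audit_layout /usr/lib/plan/netplan /var/lib/netplan netplan 4754
audit_layout() {
    bin=$1; dir=$2; user=$3; binmode=$4
    failures=0
    [ -f "$bin" ] || { echo "missing binary: $bin"; failures=$((failures + 1)); }
    check_owner "$bin" "$user" || failures=$((failures + 1))
    check_mode "$bin" "$binmode" || failures=$((failures + 1))
    if is_setgid_only "$(mode_of "$bin" 2>/dev/null || echo 0)"; then
        echo "$bin: setgid without setuid; netplan refuses to run this way"
        failures=$((failures + 1))
    fi
    [ -d "$dir" ] || { echo "missing directory: $dir"; failures=$((failures + 1)); }
    check_owner "$dir" "$user" || failures=$((failures + 1))
    check_mode "$dir" 700 || failures=$((failures + 1))
    return "$failures"
}
```

Run it against a scratch tree first (create the binary and directory under `mktemp -d`, set the modes, then call `audit_layout`) to see each check fire; on a real install the owner argument is the system user the postinst creates.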


