Re: include much needed antivirus products in FC2

[Steven Pritchard <steve silug org>]

OK, now this is just getting nuts.

On Tue, Jan 06, 2004 at 10:33:26PM +0100, Enrico Scholz wrote:
> I do not know how to do a reliable usercreation without it. See
> 
>   http://www.fedora.us/wiki/PackageDynamicUserCreationConsideredBad
>   http://www.fedora.us/wiki/PackageUserCreation

So the argument is that packages create new user accounts, then remove
them when the package is installed, leaving files that could be owned
by some other user later, right?

Well *why* would you remove a system user account?  Leave that for the
sysadmin.  They can leave it (it really doesn't add much clutter) so
it can be re-used the next time they install the package, or they can
do the work to remove it cleanly.  I can't see *any* reason why a
package like clamav can't just do this:

%pre
if ! id clamav > /dev/null 2>&1 ; then
    useradd -r -s /bin/false -c "Clam Antivirus" -d /var/run/clamav clamav
fi

(Copied & pasted from my clamav package.)

> Hey... when I install a '-server' subpackage, I expect that I have to
> learn how it works and which security implications it has. So 30-60
> minutes should be planned for it.

I expect that a -server package can be enabled with "chkconfig --level
2345 $service on".  Besides, in this case, all you need to do is let
clamd run as its own user, with a writable socket file.  It's not
complicated.

I admit that I haven't had time to look at your package, but it really
sounds like you have over-thought this whole thing.  It just isn't a
complicated package.

Steve
-- 
Steven Pritchard - K&S Pritchard Enterprises, Inc.
Email: steve kspei com             http://www.kspei.com/
Phone: (618)398-7360               Mobile: (618)567-7320