[oe-commits] Jackie Huang : rpcbind: add rpc user and run rpcbind daemon with rpc user

[git at git.openembedded.org]

Module: openembedded-core.git
Branch: master-next
Commit: 4bcf0355b49fc302b97ae12a00e0e72c45662ca4
URL:    http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=4bcf0355b49fc302b97ae12a00e0e72c45662ca4

Author: Jackie Huang <jackie.huang at windriver.com>
Date:   Tue Mar  4 18:07:57 2014 +0800

rpcbind: add rpc user and run rpcbind daemon with rpc user

For security policy, change to run rpcbind daemon with rpc user
just like Redhat does, so set the --with-rpcuser to rpc and add rpc user.

Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
Signed-off-by: Saul Wold <sgw at linux.intel.com>

---

 meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
index d9eb1a2..23219e0 100644
--- a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
+++ b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
@@ -37,7 +37,13 @@ INITSCRIPT_PARAMS = "start 12 2 3 4 5 . stop 60 0 1 6 ."
 SYSTEMD_SERVICE_${PN} = "rpcbind.service"
 SYSTEMD_AUTO_ENABLE = "disable"
 
-EXTRA_OECONF += " --enable-warmstarts "
+inherit useradd
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --no-create-home \
+                       --shell /bin/false --user-group rpc"
+
+EXTRA_OECONF += " --enable-warmstarts --with-rpcuser=rpc"
 
 do_install_append () {
 	mv ${D}${bindir} ${D}${sbindir}