Create dedicated sandbox user for wsdd service

This changes the account the wsdd service runs under from the generic
'daemon' user to its own dedicated '_wsdd' user.

Approved by:	hiroo.ono+freebsd@gmail.com (maintainer)
PR:		250159
MFH:		2020Q4

4 files changed, 7 insertions, 4 deletions

diff --git a/GIDs b/GIDs
index 7c713185f574..57f82ac0326c 100644
--- a/GIDs
+++ b/GIDs
@@ -310,7 +310,7 @@ httptunnel:*:361:
 # free: 367
 # free: 368
 # free: 369
-# free: 370
+_wsdd:*:370:
 # free: 371
 # free: 372
 # free: 373
diff --git a/UIDs b/UIDs
index abd3ab3fbdce..c2517a64ea6a 100644
--- a/UIDs
+++ b/UIDs
@@ -315,7 +315,7 @@ httptunnel:*:361:361::0:0:httptunnel Daemon:/nonexistent:/usr/sbin/nologin
 # free: 367
 # free: 368
 # free: 369
-# free: 370
+_wsdd:*:370:370::0:0:Web Service Discovery Daemon:/nonexistent:/usr/sbin/nologin
 # free: 371
 # free: 372
 # free: 373
diff --git a/net/py-wsdd/Makefile b/net/py-wsdd/Makefile
index afadaa099cc5..d5096ca2109a 100644
--- a/net/py-wsdd/Makefile
+++ b/net/py-wsdd/Makefile
@@ -3,7 +3,7 @@
 PORTNAME=	wsdd
 DISTVERSIONPREFIX=	v
 DISTVERSION=	0.6.1
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	net python
 PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
 
@@ -20,6 +20,9 @@ SHEBANG_FILES=	src/${PORTNAME}.py
 NO_ARCH=	yes
 NO_BUILD=	yes
 
+USERS=		_wsdd
+GROUPS=		_wsdd
+
 PLIST_FILES=	bin/${PORTNAME} \
 		etc/rc.d/${PORTNAME} \
 		man/man1/${PORTNAME}.1.gz
diff --git a/net/py-wsdd/files/patch-etc_rc.d_wsdd b/net/py-wsdd/files/patch-etc_rc.d_wsdd
index c2ca424dbba3..3fae8767987d 100644
--- a/net/py-wsdd/files/patch-etc_rc.d_wsdd
+++ b/net/py-wsdd/files/patch-etc_rc.d_wsdd
@@ -68,7 +68,7 @@
 +wsdd_start()
 +{
 +	echo -n "Starting ${name}."
-+	/usr/sbin/daemon -u daemon -S -p ${pidfile} ${command} ${wsdd_opts}
++	/usr/sbin/daemon -u _wsdd -S -p ${pidfile} ${command} ${wsdd_opts}
 +}
 +
  run_rc_command "$1"