[PATCH v2 1/1] autotools: install rpcbind to --sbindir.

Michael Orlitzky <michael@xxxxxxxxxxxx> · Tue, 1 Aug 2017 14:55:25 -0400

According to its own man page, the rpcbind program "can only be
started by the super-user." On systems where a distinction is made, it
therefore makes sense to install rpcbind to the autotools sbindir
rather than the regular bindir where it is currently installed. This
is accomplished by three small changes:

  1. Move rpcbind from bin_PROGRAMS to sbin_PROGRAMS in Makefile.am.
  2. Change @_bindir@ to @_sbindir@ in the rpcbind systemd service file.
  3. Tell configure.ac that it should substitute the value of $sbindir
     into @_sbindir@ instead of $bindir$ into @_bindir@.

The rpcinfo tool remains where it is, in bindir, since unprivileged
users are able to usefully run it. This avoids forcing maintainers to
choose between two bad options: hiding rpcinfo from unprivileged
users, or installing a useless rpcbind for them.

Signed-off-by: Michael Orlitzky <michael@xxxxxxxxxxxx>
---
 Makefile.am                | 3 ++-
 configure.ac               | 6 +++---
 systemd/rpcbind.service.in | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 43c2710..c160a95 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -29,7 +29,8 @@ if LIBWRAP
 AM_CPPFLAGS +=	-DLIBWRAP
 endif
 
-bin_PROGRAMS = rpcbind rpcinfo
+bin_PROGRAMS = rpcinfo
+sbin_PROGRAMS = rpcbind
 
 rpcbind_SOURCES = \
 	src/check_bound.c \
diff --git a/configure.ac b/configure.ac
index 3790310..359a418 100644
--- a/configure.ac
+++ b/configure.ac
@@ -61,9 +61,9 @@ AC_SEARCH_LIBS([pthread_create], [pthread])
 
 AC_CHECK_HEADERS([nss.h rpcsvc/mount.h])
 
-# make bindir available for substitution in config file
+# make sbindir available for substitution in config file
 # 2 "evals" needed to expand variable names
-AC_SUBST([_bindir])
-AC_CONFIG_COMMANDS_PRE([eval eval _bindir=$bindir])
+AC_SUBST([_sbindir])
+AC_CONFIG_COMMANDS_PRE([eval eval _sbindir=$sbindir])
 
 AC_OUTPUT([Makefile systemd/rpcbind.service])
diff --git a/systemd/rpcbind.service.in b/systemd/rpcbind.service.in
index 03a9e0b..f8cfa9f 100644
--- a/systemd/rpcbind.service.in
+++ b/systemd/rpcbind.service.in
@@ -12,7 +12,7 @@ After=rpcbind.socket
 [Service]
 Type=notify
 # distro can provide a drop-in adding EnvironmentFile=-/??? if needed.
-ExecStart=@_bindir@/rpcbind $RPCBIND_OPTIONS -w -f
+ExecStart=@_sbindir@/rpcbind $RPCBIND_OPTIONS -w -f
 
 [Install]
 WantedBy=multi-user.target
-- 
2.13.0

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html






