From f64a1a72bd1ab8454c4102dfd1698cbc9492a992 Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay" <mackyle@gmail.com>
Date: Wed, 17 Sep 2014 19:39:11 -0700
Subject: [PATCH] jailsetup: add an entry for nobody to passwd

The nobody use can be used to run fetch (aka git-upload-pack)
processes that should never write anything into the repository.
---
 jailsetup.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/jailsetup.sh b/jailsetup.sh
index 9b38298..241a40c 100755
--- a/jailsetup.sh
+++ b/jailsetup.sh
@@ -19,7 +19,7 @@ getent="$srcdir/getent"
 dbonly=''
 [ "$1" != "dbonly" ] || dbonly=1
 
-reserved_users="root sshd _sshd mob everyone $cfg_cgi_user $cfg_mirror_user"
+reserved_users="root sshd _sshd mob nobody everyone $cfg_cgi_user $cfg_mirror_user"
 
 # Require either sshd or _sshd user unless "dbonly"
 sshd_user=sshd
@@ -74,6 +74,7 @@ mkdir -p etc
 if [ ! -s etc/passwd ]; then
 	cat >etc/passwd <<EOT
 root:x:0:0:system administrator:/var/empty:/bin/false
+nobody:x:$("$getent" passwd nobody | cut -d : -f 3-4):unprivileged user:/var/empty:/bin/false
 EOT
 	[ -z "$sshd_user" ] || cat >>etc/passwd <<EOT
 sshd:x:$("$getent" passwd $sshd_user | cut -d : -f 3-4):privilege separation:/var/empty:/bin/false
-- 
2.11.4.GIT