From: "Anthony J. Bentley" <bentley@openbsd.org>
Subject: New user for fontconfig cache
To: tech@openbsd.org
Date: Tue, 01 Jul 2025 01:39:11 -0600

When installing fonts, pkg_add(1) runs fc-cache(1) to add them to
/var/cache/fontconfig. It does so as root, which makes me uncomfortable.
During j2k25 I experimented with changing ownership of the font cache to
a dedicated unprivileged user and switching to it during pkg_add; this
works, and I'd like to make it the default.

The first step is to create the user. Since this is simple and can
be done independently of the remaining parts of the transition, I'd
like to commit this right away.

ok?

diff 6c769c19c0f9d9a7a235a0fba7639685623664c8 1c3bdad1df8382eba1e67c36909c80caca3bea19
commit - 6c769c19c0f9d9a7a235a0fba7639685623664c8
commit + 1c3bdad1df8382eba1e67c36909c80caca3bea19
blob - a18b65949be3f15d6819de7524d85937a4259164
blob + 993b05998fa31e50b1e6c6eee351d9dcaf73537b
--- etc/group
+++ etc/group
@@ -84,5 +84,6 @@ _dhcp6leased:*:116:
 dialer:*:117:
 _shutdown:*:118:
 _lldpd:*:119:
+_fc-cache:*:120:
 nogroup:*:32766:
 nobody:*:32767:
blob - 2735061701236d5c3e0f8d695da6e8b1715d5bcf
blob + ea229a76fa3ea576e43ef3a2057ba44b0e1890b8
--- etc/mail/aliases
+++ etc/mail/aliases
@@ -28,6 +28,7 @@ _dvmrpd: /dev/null
 _eigrpd: /dev/null
 _file: /dev/null
 _fingerd: /dev/null
+_fc-cache: /dev/null
 _ftp: /dev/null
 _hostapd: /dev/null
 _identd: /dev/null
blob - 65d8e077dfb1344b8df5c63ec9445fac9c6cdd94
blob + acfaca56dec86fb7815b3f6af3b7f9513340499b
--- etc/master.passwd
+++ etc/master.passwd
@@ -64,4 +64,5 @@ _syspatch:*:112:112::0:0:syspatch unprivileged user:/v
 _slaacd:*:115:115::0:0:SLAAC Daemon:/var/empty:/sbin/nologin
 _dhcp6leased:*:116:116::0:0:DHCP6Lease Daemon:/var/empty:/sbin/nologin
 _lldpd:*:119:119::0:0:LLDP Daemon:/var/empty:/sbin/nologin
+_fc-cache:*:120:120::0:0:Font configuration cache:/var/empty:/sbin/nologin
 nobody:*:32767:32767::0:0:Unprivileged user:/nonexistent:/sbin/nologin