$OpenBSD: patch-src_ngircd_ngircd_c,v 1.5 2020/02/24 10:30:16 solene Exp $
Index: src/ngircd/ngircd.c
--- src/ngircd/ngircd.c.orig
+++ src/ngircd/ngircd.c
@@ -259,6 +259,16 @@ main(int argc, const char *argv[])
 			exit(1);
 		}
 
+		/* XXX using a PID file needs cpath to unlink() later */
+		if(Conf_PidFile[0]) {
+			if ( pledge("stdio inet dns rpath proc getpw cpath", NULL) == -1)
+				err(1, "pledge");
+		}
+		else {
+			if ( pledge("stdio inet dns rpath proc getpw", NULL) == -1)
+				err(1, "pledge");
+		}
+
 		/* Initialize modules, part II: these functions are eventually
 		 * called with already dropped privileges ... */
 		Channel_Init();
@@ -563,7 +573,7 @@ Setup_FDStreams(int fd)
 #if !defined(SINGLE_USER_OS)
 
 /**
- * Get user and group ID of unprivileged "nobody" user.
+ * Get user and group ID of unprivileged "_ngircd" user.
  *
  * @param uid	User ID
  * @param gid	Group ID
@@ -587,7 +597,7 @@ NGIRCd_getNobodyID(uid_t *uid, gid_t *gid )
 	}
 #endif
 
-	pwd = getpwnam("nobody");
+	pwd = getpwnam("_ngircd");
 	if (!pwd)
 		return false;
 
@@ -703,11 +713,11 @@ NGIRCd_Init(bool NGIRCd_NoDaemon)
 	if (Conf_UID == 0) {
 		pwd = getpwuid(0);
 		Log(LOG_INFO,
-		    "ServerUID must not be %s(0), using \"nobody\" instead.",
+		    "ServerUID must not be %s(0), using \"_ngircd\" instead.",
 		    pwd ? pwd->pw_name : "?");
 		if (!NGIRCd_getNobodyID(&Conf_UID, &Conf_GID)) {
 			Log(LOG_WARNING,
-			    "Could not get user/group ID of user \"nobody\": %s",
+			    "Could not get user/group ID of user \"_ngircd\": %s",
 			    errno ? strerror(errno) : "not found" );
 			goto out;
 		}
