systemd unit: run as 'daemon' user, not root

Open zdzichu opened this issue 9 years ago • 7 comments

Debian has been running uptimed as 'daemon' for three years now. Root permissions are unnecessary. Packagers should ensure that /var/spool/uptimed is chown'ed on upgrade.

zdzichu avatar May 13 '15 12:05 zdzichu

hmm, interesting! ...is there any document explaining the policy? (why the daemon user? why not nobody or something like that?)

i can't seem to find anything like this for arch linux (the distro i currently use).

rpodgorny avatar May 15 '15 11:05 rpodgorny

Debian's policy is at: https://wiki.debian.org/SystemGroups: "daemon: Some unprivileged daemons that need to write to files on disk run as daemon.daemon (e.g., portmap, atd, probably others). Daemons that don't need to own any files can run as nobody.nogroup instead, and more complex or security conscious daemons run as dedicated users."

uptimed needs to own history in /var/spool/uptimed, so it's incompatible with Debian's "nobody". I think creating a dedicated user for uptimed would be overkill.

Arch mainly follows upstream, so if upstream uptimed runs as root, the same is true for Arch. I was unable to find any specific policy.

Fedora did not seem to have a policy about the "daemon" user, either. I've switched uptimed from running as root to running as daemon in Fedora 23, though.

zdzichu avatar May 15 '15 13:05 zdzichu

If I had to make the switch to a non-root user, I'd create a new user (_uptimed) instead of using daemon but that boat sailed long ago for Debian, so yeah pls accept this PR

gfa avatar Dec 02 '16 09:12 gfa

hmm, has this advanced/changed in debian/fedora meanwhile?

also, if ownership of /var/spool/uptimed is to be changed, shouldn't there be a systemd-tmpfiles snippet as well?

rpodgorny avatar Nov 14 '21 23:11 rpodgorny

Current state:

  • Fedora has been running uptimed as the "daemon" user since 2015 (for six years) and I've received 0 (zero) bug reports about that. The package did chown from root to daemon:daemon of /var/spool/uptimed on upgrade. I've recently removed that, as 12 distribution releases of backward compatibility should be more than enough (https://src.fedoraproject.org/rpms/uptimed/c/ccf71cc6f6775f9ab2f0824bc9e089cbb5380691?branch=rawhide)

  • Debian continues to run uptimed as daemon. No change here in recent years. @xtaran could you confirm?

zdzichu avatar Dec 04 '21 11:12 zdzichu

Hi,

sorry for chiming in late. Did seem to have overseen the according notification and stumbled over the nick highlight just by accident.

@rpodgorny wrote:

hmm, has this advanced/changed in debian/fedora meanwhile?

@zdzichu wrote:

  • Debian continues to run uptimed as daemon. No change here in recent years. @xtaran could you confirm?

I can confirm that there were no changes wrt. the user uptimed is running under on Debian since I took over the uptimed Debian package. And I also don't intend to change this as it works well that way.

@rpodgorny wrote:

also, if ownership of /var/spool/uptimed is to be changed, shouldn't there be a systemd-tmpfiles snippet as well?

No. /var/spool/ is not a directory that is handled by systemd-tmpfiles. It only handles volatile directories. /var/spool/ is not volatile.

The ownership of that directory is set in Debian's postinst script.

xtaran avatar Feb 03 '23 11:02 xtaran

I think it is warranted to merge this PR now.

zdzichu avatar Jul 22 '23 17:07 zdzichu
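
The upgrade-time ownership change discussed in this thread, as an added example that is not part of the thread and is not Debian's or Fedora's actual packaging script: an idempotent hand-over of the spool directory to the unprivileged account. The function names are hypothetical; the path and the `daemon:daemon` owner in the usage comment are the ones named in the thread.

```shell
#!/bin/sh
# Added example (constructed): postinst-style ownership migration for a
# daemon's spool directory. Function names are hypothetical.

# Exit 0 if anything under DIR is NOT owned by USER:GROUP.
# Fails closed: if find itself errors (unknown user, unreadable tree),
# the directory is reported as needing attention.
spool_needs_chown() {
    dir=$1 user=$2 group=$3
    out=$(find "$dir" \( ! -user "$user" -o ! -group "$group" \) -print) || return 0
    [ -n "$out" ]
}

# Hand DIR over to USER:GROUP.
# Returns 0 if ownership is correct afterwards, 1 if chown failed or
# ownership is still wrong, 2 if DIR is a symlink or not a directory.
migrate_spool() {
    dir=$1 user=$2 group=$3
    # Refuse a symlinked spool path: a root-run chown would otherwise
    # re-own whatever the link points at.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "refusing: $dir is a symlink or not a directory" >&2
        return 2
    fi
    if spool_needs_chown "$dir" "$user" "$group"; then
        # -h: change symlinks themselves, never their targets. This matters
        # once an unprivileged account can create entries in the directory.
        chown -hR "$user:$group" "$dir" || return 1
    fi
    # Verify the result instead of trusting chown's exit status alone.
    ! spool_needs_chown "$dir" "$user" "$group"
}

# Usage from a maintainer script running as root (values from the thread):
#   migrate_spool /var/spool/uptimed daemon daemon
```

The matching unit change is `User=daemon` (and `Group=daemon`) in the `[Service]` section, which are standard systemd directives.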