[Python-apps-team] Bug#832758: irkerd.service runs irkerd as root (should run as user "irker")
anarcat
anarcat at debian.org
Mon Sep 12 16:15:55 UTC 2016
Control: tags -1 +pending
Control: forwarded https://gitlab.com/esr/irker/merge_requests/15
The following patch should fix that problem:
commit 1980b7cb4239463b581579cc39480774d3e2d2fe
Author: Antoine Beaupré <anarcat at debian.org>
Date: Mon Sep 12 12:01:44 2016 -0400
run daemon as the irker user (Close: #832758)
this is an improvement upon the default .service file. it requires an
irker user to be created, something which is automatically handled by
the debian package, but should be handled by other distributions when
deploying the .service file.
there are obvious dangers in running irkerd as root: a compromise
would be catastrophic, and since it runs on public servers that are
traditionally pretty hostile (IRC), it seems critical that rights of
the daemon be limited.
diff --git a/irkerd.service b/irkerd.service
index d19378b..82f39b0 100644
--- a/irkerd.service
+++ b/irkerd.service
@@ -7,6 +7,7 @@ Requires=network.target
[Service]
ExecStart=/usr/bin/irkerd
+User=irker
[Install]
WantedBy=multi-user.target
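Review bot: The added `User=irker` line in `[Service]` depends on an account that nothing in the unit file creates or mentions, so on a distribution that installs this file without the packaging step the service will fail at start rather than run. A short comment above the line (for example `# requires a system user named irker`) or a note in the install documentation would carry the requirement from the commit message into the file deployers actually read. With no `Group=` set, the process runs with the irker account's default group, which is worth stating if that is the intent.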
I have forwarded it upstream as well.
A.