Hi Valentina,

As Casey and Carsten said: things are not black and white... but simply gray :)

We *try* to reduce the daemons running as root as much as possible. But it's not an absolute rule.

Sometimes, it's possible to migrate a daemon from root to <some system user> without much difficulty. A good example is weston in Tizen:Common: it runs as a 'display' user, who has the proper rights on the DRM and input devices.

For some other daemons, it can become more tricky. If I take a quick look at a recent Tizen:Common snapshot, I can see that there are some daemons running as root, as you noticed:

root       159     1  0 03:22 ?        00:00:00 /usr/sbin/ofonod -n
root       161     1  0 03:22 ?        00:00:00 /usr/bin/alarm-server
root       168     1  0 03:22 ?        00:00:00 /usr/sbin/connmand -n
root       172     1  0 03:22 ?        00:00:00 /usr/bin/security-server
root       173     1  0 03:22 ?        00:00:00 /usr/bin/media-server
root       175     1  0 03:22 ?        00:00:00 /usr/bin/notification-service
root       239     1  0 03:22 ?        00:00:00 /lib/bluetooth/bluetoothd -E
root       344     1  0 03:22 ?        00:00:00 /usr/sbin/wpa_supplicant -u
root      1037   173  0 03:23 ?        00:00:00 media-thumbnail-server

In this list, I see 3 categories:
- some daemons can very probably run as system users (media-server, media-thumbnail-server, ofonod, alarm-server), if we're able to define the appropriate rights
- for network and connectivity daemons (connmand, wpa_supplicant, bluetoothd), it may be more tricky to migrate to non-root users, but this needs some investigation
- some services need to run as root (security-server AFAIK)

As Casey pointed out, migrating from root to system users for some daemons is an ongoing effort.

Best regards,
--
Stéphane Desneux
Intel OTC - Vannes/FR
gpg:1CA35726/DFA9B0232EF80493AF2891FA24E3A2841CA35726

On 11/08/2014 17:27, Valentina Giusti wrote:
> Hi Tizen developers!
>
> according to the wiki page
> https://wiki.tizen.org/wiki/Security:SmackThreeDomainModel, in Tizen 3.0
> there are processes running as root. In the AMD Multi-User wiki page it
> even says that the AMD daemon runs "as root as in single user mode".
>
> During the workshop in Vannes last week, I got the impression (or at
> least I wrote so in my notes) that no process in Tizen is allowed to run
> as root: at most, processes can be run as setuid root for a limited
> period of time.
>
> Are my notes from the workshop valid or is it actually true that some
> processes are run as root?
>
> Thanks!
>
> Best Regards,
> - Valentina Giusti
> _______________________________________________
> Dev mailing list
> [email protected]
> https://lists.tizen.org/listinfo/dev
