On 08/12/2014 03:08 PM, Stéphane Desneux wrote:
Hi Valentina,

Hi Stephane,

As Casey and Carsten said: things are not black and white... but simply
gray :) We *try* to reduce the daemons running as root as much as
possible. But it's not an absolute rule.

Sometimes, it's possible to migrate a daemon from root to <some system
user> without much difficulty. A good example is weston in
Tizen:Common: it runs as a 'display' user, who has the proper rights on
the DRM and input devices.

For some other daemons, it can become more tricky.

If I take a quick look at a recent Tizen:Common snapshot, I can see that
there are some daemons running as root, as you noticed:

root       159     1  0 03:22 ?        00:00:00 /usr/sbin/ofonod -n
root       161     1  0 03:22 ?        00:00:00 /usr/bin/alarm-server
root       168     1  0 03:22 ?        00:00:00 /usr/sbin/connmand -n
root       172     1  0 03:22 ?        00:00:00 /usr/bin/security-server
root       173     1  0 03:22 ?        00:00:00 /usr/bin/media-server
root       175     1  0 03:22 ?        00:00:00 /usr/bin/notification-service
root       239     1  0 03:22 ?        00:00:00 /lib/bluetooth/bluetoothd -E
root       344     1  0 03:22 ?        00:00:00 /usr/sbin/wpa_supplicant -u
root      1037   173  0 03:23 ?        00:00:00 media-thumbnail-server

In this list, I see 3 categories:
- some daemons can very probably run as system users (media-server,
media-thumbnail-server, ofonod, alarm-server), if we're able to define
the appropriate rights
- for network and connectivity daemons (connmand, wpa_supplicant,
bluetoothd), it may be more tricky to migrate to non-root users, but
this needs some investigation
- some services need to run as root (security-server AFAIK)

As Casey pointed out, migrating from root to system users for some daemons
is an ongoing effort.

Thanks for your detailed answer. I was actually wondering how you proceeded with the identification of the processes that can be run as system processes and if you planned to continue in that direction for the services that still run as root. My guess is that this would also help with having a multi-user/multi-session system.

Best Regards,
- Valentina


Best regards,

_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
