[
https://issues.apache.org/jira/browse/DAEMON-93?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mladen Turk resolved DAEMON-93.
-------------------------------
Resolution: Fixed
Fix Version/s: 1.0.1
Fixed using different approach.
Your patch although simple would prevent changing and initing groups
Applied patch calls set_caps only if getuid()==0, but still calls set_user_group
https://svn.apache.org/viewvc/commons/proper/daemon/trunk/src/native/unix/native/jsvc-unix.c?r1=909104&r2=909380&diff_format=h
> jsvc should be runnable as non root.
> ------------------------------------
>
> Key: DAEMON-93
> URL: https://issues.apache.org/jira/browse/DAEMON-93
> Project: Commons Daemon
> Issue Type: Improvement
> Environment: Linux
> Reporter: Simone Piunno
> Fix For: 1.0.1
>
> Attachments: 1.0.1-capabilities.patch
>
>
> On Linux jsvc only works as root.
> Despite the discussion on issue 24, loading the kernel capability module
> doens't help.
> pio...@roentgen ~ $ uname -a
> Linux roentgen 2.6.19-gentoo-r4 #1 PREEMPT Sun Jan 14 13:01:55 CET 2007
> x86_64 AMD Athlon(tm) 64 Processor 3200+ AuthenticAMD GNU/Linux
> pio...@roentgen ~ $ lsmod|grep capa
> capability 4296 0
> commoncap 5952 1 capability
> in the errfile I get:
> 14/01/2007 00:42:58 31709 jsvc.exec error: syscall failed in set_caps
> 14/01/2007 00:42:58 31709 jsvc.exec error: set_caps(CAPS) failed
> 14/01/2007 00:42:58 31708 jsvc.exec error: Service exit with a return value
> of 4
> I've been told documentation says:
> "Jsvc is a daemon process so it should be started as root and the -user
> parameter allows to downgrade to an unprivilegded user."
> but I see no reason why jsvc or any other daemon process shouldn't be
> runnable as non root therefore I'm creating this issue as a request for
> improvement.
> I'm also attaching
> I'm attaching a patch.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
