Bug#832758: irkerd.service runs irkerd as root (should run as user "irker")
Control: tags -1 +pending Control: forwarded https://gitlab.com/esr/irker/merge_requests/15 The following patch should fix that problem: commit 1980b7cb4239463b581579cc39480774d3e2d2fe Author: Antoine BeaupréDate: Mon Sep 12 12:01:44 2016 -0400 run daemon as the irker user (Close: #832758) this is an improvement upon the default .service file. it requires a irker user to be created, something which is automatically handled by the debian package, but should be handled by other distributions when deploying the .service file. there are obvious dangers in running irkerd as root: a compromise would be catastrophic, and since it runs on public servers that are traditionnally pretty hostile (IRC), it seems critical that rights of the daemon be limited. diff --git a/irkerd.service b/irkerd.service index d19378b..82f39b0 100644 --- a/irkerd.service +++ b/irkerd.service @@ -7,6 +7,7 @@ Requires=network.target [Service] ExecStart=/usr/bin/irkerd +User=irker [Install] WantedBy=multi-user.target I have forwarded it upstream as well. A. signature.asc Description: Digital signature
Bug#832758: irkerd.service runs irkerd as root (should run as user "irker")
Package: irker Version: 2.18+dfsg-1 Severity: normal Tags: patch Dear Maintainer, When systemd tries to launch irkerd, it runs it as root. This is a Bad Idea. Please add a User=irker line to the [Service] section of irkerd.service. Regards, --dkg -- System Information: Debian Release: stretch/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)