Bug#699149: bacula-fd: should not run as 'root' by default
Control: tag -1 - wontfix Control: tag -1 + confirmed Control: retitle -1 Make running bacula-fd as non-root easier While the default will not be to run as non-root, it will likely become a debconf question, and so could be preseeded. And to correct my earlier statement - it is possible to backup the entire system, but the restore will not work as expected if the bacula-fd isn't running as root.
Bug#699149: bacula-fd: should not run as 'root' by default
On Mon, 28 Jan 2013 01:39:52 -0700, Teodor MICU wrote: > The other Bacula services are started by 'bacula' user. Only bacula-fd > is started as 'root'. However, I've just discovered that it can > function properly with limited privileges too. I'm guessing you aren't doing full system backups? Because running bacula-fd as non-root means it cannot backup files with strict read permissions (e.g. 400 and owned by another user). Therefore it shouldn't be the default and the note in the README.Debian suffices for those that want to deviate from that. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699149: bacula-fd: should not run as 'root' by default
2013/1/31 Alexander Golovko :
> You lose files owner/group and acl on restoring.
That's not a big deal comparing with the increased security.
> /e/d/bacula-{dir,sd} has nonempty ARGS and bacula-{director,sd} will be
> incorrectly runned under root privileges if defaults file missed.
>
> This should be changed.
Yes, you should set the defaults in the init script (not in
/etc/default/FILE) just like you do for $CONFIG.
> Also, there is a reason, that we should provide
> defaults in /e/d/bacula-* as comments. I think, this is will not be
> included into wheezy, but it should be fixed in next versions.
OK. Please, no more double settings like this:
# CONFIG="/etc/bacula/bacula-fd.conf"
CONFIG="/etc/bacula/bacula-fd.conf"
Cheers
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699149: [pkg-bacula-devel] Bug#699149: Bug#699149: bacula-fd: should not run as 'root' by default
В Wed, 30 Jan 2013 11:19:13 +0200
Teodor MICU пишет:
> 2013/1/29 Alexander Golovko :
> >> ARGS="-u bacula -g bacula -k"
> >>
> >> I think that from a security perspective this should be the default
> >> on package installation.
> >
> > This will lead to impossibility to restore backups without
> > restarting bacula-fd. This is also can require changing user scripts
> > for dump databases and such. This can confuse peoples.
>
> I'm having this setup and I can restore backups just fine. Of course,
> the restore directory must be rwx by bacula or mode 1777.
You lose files owner/group and acl on restoring.
>
> About the other thing (ie. dump databases), I can't tell.
>
> > I think, we should not change defaults, however, this functionality
> > described in README.Debian.gz (USERS & SECURITY).
>
> But you do for bacula-dir and bacula-sd, why not for bacula-fd?
>
> > bacula-fd init script correctly work without /e/d/bacula-fd.
>
> Right. I thought that it depends on setting ENABLED="yes" but I see
> now that it checks for "no".
>
> > But there is a reason for set defaults in init scripts for
> > bacula-director and bacula-sd and comment defaults in /e/d/bacula-*
>
> Can you detail a little? I don't understand what you're trying to say.
/e/d/bacula-{dir,sd} has nonempty ARGS and bacula-{director,sd} will be
incorrectly runned under root privileges if defaults file missed.
This should be changed. Also, there is a reason, that we should provide
defaults in /e/d/bacula-* as comments. I think, this is will not be
included into wheezy, but it should be fixed in next versions.
--
with best regards,
Alexander Golovko
email: alexan...@ankalagon.ru
xmpp: alexan...@ankalagon.ru
signature.asc
Description: PGP signature
Bug#699149: [pkg-bacula-devel] Bug#699149: bacula-fd: should not run as 'root' by default
2013/1/29 Alexander Golovko : >> ARGS="-u bacula -g bacula -k" >> >> I think that from a security perspective this should be the default >> on package installation. > > This will lead to impossibility to restore backups without > restarting bacula-fd. This is also can require changing user scripts > for dump databases and such. This can confuse peoples. I'm having this setup and I can restore backups just fine. Of course, the restore directory must be rwx by bacula or mode 1777. About the other thing (ie. dump databases), I can't tell. > I think, we should not change defaults, however, this functionality > described in README.Debian.gz (USERS & SECURITY). But you do for bacula-dir and bacula-sd, why not for bacula-fd? > bacula-fd init script correctly work without /e/d/bacula-fd. Right. I thought that it depends on setting ENABLED="yes" but I see now that it checks for "no". > But there is a reason for set defaults in init scripts for > bacula-director and bacula-sd and comment defaults in /e/d/bacula-* Can you detail a little? I don't understand what you're trying to say. Cheers -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699149: [pkg-bacula-devel] Bug#699149: bacula-fd: should not run as 'root' by default
Severity: wishlist -- В Mon, 28 Jan 2013 01:39:52 -0700 Teodor пишет: > Package: bacula-fd > Version: 5.2.6+dfsg-7 > Severity: normal > > Hi, Hi! > > The other Bacula services are started by 'bacula' user. Only bacula-fd > is started as 'root'. However, I've just discovered that it can > function properly with limited privileges too. > > For this one must edit /etc/default/bacula-df to contain: > > ARGS="-u bacula -g bacula -k" > > I think that from a security perspective this should be the default > on package installation. This will lead to impossibility to restore backups without restarting bacula-fd. This is also can require changing user scripts for dump databases and such. This can confuse peoples. I think, we should not change defaults, however, this functionality described in README.Debian.gz (USERS & SECURITY). > > Also, the init script file should work with defaults even if there is > no content on /e/d/bacula-fd or is completely missing. This means that > at install all default options should be provided as a > comment/example: > > #ENABLED="yes" > #ARGS="-u bacula -g bacula -k" > #CONFIG="/etc/bacula/bacula-fd.conf" bacula-fd init script correctly work without /e/d/bacula-fd. But there is a reason for set defaults in init scripts for bacula-director and bacula-sd and comment defaults in /e/d/bacula-* > > Cheers > > > -- System Information: > Debian Release: 7.0 > APT prefers testing > APT policy: (500, 'testing'), (200, 'unstable') > Architecture: amd64 (x86_64) > > Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) > Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > > Versions of packages bacula-fd depends on: > ii bacula-common 5.2.6+dfsg-7 > ii libacl12.2.51-8 > ii libc6 2.13-37 > ii libcap21:2.22-1.2 > ii libgcc11:4.7.2-5 > ii libpython2.7 2.7.3-6 > ii libssl1.0.01.0.1c-4 > ii libstdc++6 4.7.2-5 > ii libwrap0 7.6.q-24 > ii lsb-base 4.1+Debian8 > ii ucf3.0025+nmu3 > ii zlib1g 1:1.2.7.dfsg-13 > > bacula-fd recommends no packages. > > Versions of packages bacula-fd suggests: > pn bacula-traymonitor > > -- no debconf information > > ___ > pkg-bacula-devel mailing list > pkg-bacula-de...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-bacula-devel > -- with best regards, Alexander Golovko email: alexan...@ankalagon.ru xmpp: alexan...@ankalagon.ru signature.asc Description: PGP signature
Bug#699149: bacula-fd: should not run as 'root' by default
Package: bacula-fd Version: 5.2.6+dfsg-7 Severity: normal Hi, The other Bacula services are started by 'bacula' user. Only bacula-fd is started as 'root'. However, I've just discovered that it can function properly with limited privileges too. For this one must edit /etc/default/bacula-df to contain: ARGS="-u bacula -g bacula -k" I think that from a security perspective this should be the default on package installation. Also, the init script file should work with defaults even if there is no content on /e/d/bacula-fd or is completely missing. This means that at install all default options should be provided as a comment/example: #ENABLED="yes" #ARGS="-u bacula -g bacula -k" #CONFIG="/etc/bacula/bacula-fd.conf" Cheers -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing'), (200, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages bacula-fd depends on: ii bacula-common 5.2.6+dfsg-7 ii libacl12.2.51-8 ii libc6 2.13-37 ii libcap21:2.22-1.2 ii libgcc11:4.7.2-5 ii libpython2.7 2.7.3-6 ii libssl1.0.01.0.1c-4 ii libstdc++6 4.7.2-5 ii libwrap0 7.6.q-24 ii lsb-base 4.1+Debian8 ii ucf3.0025+nmu3 ii zlib1g 1:1.2.7.dfsg-13 bacula-fd recommends no packages. Versions of packages bacula-fd suggests: pn bacula-traymonitor -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
