[pkg-bacula-devel] Bug#699149: bacula-fd: should not run as 'root' by default

Teodor mteodor at gmail.com
Mon Jan 28 08:39:52 UTC 2013

Package: bacula-fd
Version: 5.2.6+dfsg-7
Severity: normal


The other Bacula services are started by 'bacula' user. Only bacula-fd
is started as 'root'. However, I've just discovered that it can function
properly with limited privileges too.

For this one must edit /etc/default/bacula-df to contain:

  ARGS="-u bacula -g bacula -k"

I think that from a security perspective this should be the default
on package installation.

Also, the init script file should work with defaults even if there is
no content on /e/d/bacula-fd or is completely missing. This means that
at install all default options should be provided as a comment/example:

#ARGS="-u bacula -g bacula -k"


-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages bacula-fd depends on:
ii  bacula-common  5.2.6+dfsg-7
ii  libacl1        2.2.51-8
ii  libc6          2.13-37
ii  libcap2        1:2.22-1.2
ii  libgcc1        1:4.7.2-5
ii  libpython2.7   2.7.3-6
ii  libssl1.0.0    1.0.1c-4
ii  libstdc++6     4.7.2-5
ii  libwrap0       7.6.q-24
ii  lsb-base       4.1+Debian8
ii  ucf            3.0025+nmu3
ii  zlib1g         1:1.2.7.dfsg-13

bacula-fd recommends no packages.

Versions of packages bacula-fd suggests:
pn  bacula-traymonitor  <none>

-- no debconf information

More information about the pkg-bacula-devel mailing list