[pkg-bacula-devel] [bacula] 01/01: Reworks runtime user usage for daemins

[Sven Hartge]

On 30.08.2016 00:24, Carsten Leonhardt wrote:

>>     b) switch bacula-fd over to non-root mode
>>     
>>     Since version 5.2.6 it is possible to run the filedaemon (on Linux) as
>>     non-root, if the system has capabilities allowing the daemon to read all
>>     files while running as a normal user.
>>     
>>     This is now the new default for systems which allow this mode of
>>     operation.
> 
> I still think that bacula-fd should run as root by default, as restores
> will not work correctly otherwise.

They will work partly, because the default restore path is
/tmp/bacula-restores, which is writeable by user bacula.

The restored files will not have the correct user and possibly wrong
ACLs though.

> Those that know what they do can then switch to running it as non-root
(probably nobody.nogroup).

I don't think using nobody.nogroup for too much is a good idea. Besides
it will also complicate the permissions for the configuration in
/etc/bacula. They will have to be readable by "nobody", giving every
other daemon running as that user full access to the bacula-fd
configuration.

I see no harm in using the existing user bacula for this purpose.

> Maybe a debconf question with a priority below default, defaulting to
> running as root. This would allow for preseeding.

> In my eyes, this is sufficient to close the wontfix-bug.

Yes, I think so too. But I have _no_ idea how to do that. I can draft
the things the code will have to do (mainly for systemd integration) but
no knowledge whatsoever on how to do it.

S°


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-bacula-devel/attachments/20160830/a1be9787/attachment.sig>