[pkg-bacula-devel] bacula-fd dropping privileges

Carsten Leonhardt leo at debian.org
Wed Aug 31 09:18:49 UTC 2016


> Next question is: Depend or Recommend libcap2-bin?
>
> Recommend will work without errors because of the setcap testing code I
> stole from iputils-ping's postinst, omitting the setcap if no setcap is
> available (also needed for FreeBSD).
>
> But it means the user will have to manually set the right capabilities
> later, if s/he decides to go non-root and libcap2-bin was not available
> at install time. This will be documented, but we all know that users
> seldom read the documentation.

I think that running dpkg-reconfigure triggers the postinst configure,
but I'm not sure. So the recommended way to change could be
"dpkg-reconfigure -plow bacula-fd". If the necessary program isn't
installed, another note could be shown, informing the user that
libcap2-bin is missing and that they should re-run dpkg-reconfigure
after installing it.

Reading the policy section again, I'd say Suggests corresponds best.

> Another question: Right now the init-script silently falls back to the
> original root-mode if the capability check fails, even if the user
> specified ENABLE_NONROOT=true.
>
> Should we warn in that case, should we abort?
>
> And then is the question on how to do those quite elaborate checks for
> systemd? I can call another ExecStartPre script but I'd rather not
> over-complicate the matter.

I'd guess that the procedure I've outlined above would be sufficient.

> All in all it boils down to: how much granular choice do we allow the
> user in this matter?

If I understand correctly, we have a choice here between handling the
setting of capabilities ourselves and having automatic backtraces, or
letting bacula-fd handle it itself (-k -u -g), but probably not have working
backtraces anymore, right?

We could also say that, until it's fixed upstream, there aren't
automatic backtraces if using capabilities. That would make everything
much simpler, no? Just ask about dropping capabilities and set "-k"
accordingly.

Another question would be if we should only generate the user if
dropping privileges is chosen.

 - Carsten
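An added example, not code from the bacula-fd packaging or from anyone in this thread: one shape the "quite elaborate checks" could take if they are put in a helper that both the init script and a systemd ExecStartPre= line can call, with the warn-or-abort choice made explicit instead of a silent fallback to root. The binary path, the service user and group, the required capability set and the sample getcap lines are all assumptions; the thread states none of them, and the real set bacula-fd needs would have to come from upstream.

```shell
#!/bin/sh
# Hypothetical helper for the bacula-fd init script / ExecStartPre=.
# Everything below is an assumption for illustration, not the package's code.

FD_BIN=/usr/sbin/bacula-fd          # assumed path of the daemon
FD_USER=bacula                      # assumed service user
FD_GROUP=bacula                     # assumed service group
# Assumed capability set for a client that must read and restore any file;
# the thread does not say which capabilities bacula-fd actually needs.
REQUIRED_CAPS="cap_dac_read_search cap_dac_override cap_chown cap_fowner"

# fd_caps_ok GETCAP_LINE
# Parses one line of getcap(8) output in either the older
#   "/path = cap_a,cap_b+ep"  or the newer  "/path cap_a,cap_b=ep"  form.
# Returns 0 only if every required capability is listed and the flag set
# contains both e (effective) and p (permitted); an empty line (no caps,
# or no getcap installed) is treated as failure.
fd_caps_ok() {
    line=$1
    rest=${line#* }                 # drop the path
    rest=${rest#= }                 # old format: drop the "= " separator
    case $rest in
        *+*) names=${rest%+*}; flags=${rest##*+} ;;
        *=*) names=${rest%=*}; flags=${rest##*=} ;;
        *)   return 1 ;;
    esac
    case $flags in *e*) ;; *) return 1 ;; esac
    case $flags in *p*) ;; *) return 1 ;; esac
    for cap in $REQUIRED_CAPS; do
        case ",$names," in
            *",$cap,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# fd_start_args ENABLE_NONROOT GETCAP_LINE [warn|abort]
# Prints the extra arguments to pass to bacula-fd. With ENABLE_NONROOT=true
# and the capabilities in place this is "-k -u USER -g GROUP" (-k keeps the
# readall capabilities across the user switch). If the capabilities are
# missing, "warn" falls back to root mode with a message on stderr and
# "abort" returns 1 so the service does not start at all.
fd_start_args() {
    enable=$1 caps=$2 on_failure=${3:-warn}
    if [ "$enable" != true ]; then
        printf '%s\n' ""            # root mode: no extra arguments
        return 0
    fi
    if fd_caps_ok "$caps"; then
        printf '%s\n' "-k -u $FD_USER -g $FD_GROUP"
        return 0
    fi
    if [ "$on_failure" = abort ]; then
        echo "bacula-fd: ENABLE_NONROOT=true but $FD_BIN lacks $REQUIRED_CAPS;" \
             "refusing to start. Install libcap2-bin and run" \
             "dpkg-reconfigure -plow bacula-fd" >&2
        return 1
    fi
    echo "bacula-fd: ENABLE_NONROOT=true but $FD_BIN lacks the required" \
         "capabilities; falling back to root mode" >&2
    printf '%s\n' ""
    return 0
}

# fd_args_from_system ENABLE_NONROOT [warn|abort]
# Same decision against the installed binary; a missing getcap (libcap2-bin
# not installed) is treated exactly like missing capabilities.
fd_args_from_system() {
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$FD_BIN" 2>/dev/null)
    else
        caps=""
    fi
    fd_start_args "$1" "$caps" "$2"
}

# Constructed sample getcap lines so the script runs without root or libcap.
SAMPLE_OLD="$FD_BIN = cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner+ep"
SAMPLE_NEW="$FD_BIN cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner=ep"
SAMPLE_PARTIAL="$FD_BIN = cap_dac_read_search+ep"
SAMPLE_NONE=""

fd_start_args true "$SAMPLE_OLD"                     # -k -u bacula -g bacula
fd_start_args true "$SAMPLE_PARTIAL" warn            # warning, empty args
fd_start_args true "$SAMPLE_NONE" abort || echo "(aborted, exit $?)"
```

From an init script the call would be `FD_ARGS=$(fd_args_from_system "$ENABLE_NONROOT" abort) || exit 1` before the start-stop-daemon line; from a unit file the same helper can run as ExecStartPre= with the abort mode, which keeps the systemd side to one line.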
