[pkg-bacula-devel] user/group setting in init-scripts and units
Sven Hartge
sven at svenhartge.de
Sun Jul 17 19:48:37 UTC 2016
Hi!
While doing some changes for the systemd services, I first used User=
and Group= in the units to start the daemons as the intended user using
systemd and not via parameters "-u" and "-g" from the daemon itself.
I changed this back to be able to parse the user and group from
/etc/default/$NAME and to have the unit as close as possible to the init
script, as Carsten suggested.
But now, I came across Issue#1905
http://bugs.bacula.org/view.php?id=1905 from the Bacula bugtracker,
which states that if you use "-u" and "-g" you no longer can get an
automatic backtrace.
Upstream changed the init-script in 2010 to delegate the change of the
userid:usergroup to start-stop-daemon:
http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=3924012940114148be0ef565e6d979597f9a27d1
and adapted the systemd units in 2012 for 5.2.11:
http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=f085b9e9077532f46ee4682dc69f6f224045fe9d
Some thoughts on that matter:
- automatic backtrace generation is effectively broken at the moment, it
seems.
- changing who changes user:group is trivial for both the init script
and the systemd unit, but only for the init script we can still parse
the user/group from /etc/default/$NAME, for the systemd unit this is not
possible. (Environment Variables only work for ExecStart= etc.)
- Question is: how important is it for the admin to be able to change
the user the director and the storage-daemon run as (the file-daemon
always runs as root:root)?
If the admin effectively wants to change the user the director runs as,
he has to change nearly everything bacula touches as the user and group
bacula is hard-coded quite deep into the whole packaging. (The same is
true for the storage-daemon.) And if an admin changed the user, his
changes would be undone on every package update, rendering it moot.
Also I wonder how many admins to date even used the possibility to change
the user and the group. My guess would be: none.
In my opinion we should remove that option from the packages,
simplifying both the init-script and the systemd units.
Right now the admin seems to have the ability to change the user/group
at run-time but in reality it is not possible without rebuilding the
packages from source.
Regards,
Sven.
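
Added example, not part of the original message or of the Debian packaging: the two ways of dropping privileges discussed above, written as two alternative systemd units for the director. The file paths, the BUSER/BGROUP variable names, the "bacula" account and the -f/-c arguments are assumptions made for illustration.

```ini
# Constructed example. Paths, the BUSER/BGROUP names and the "bacula"
# account are assumptions, not copied from the package.

# ---- Variant A: the daemon changes user itself via -u/-g ----
# (one possible bacula-director.service)
[Unit]
Description=Bacula Director (variant A, daemon drops privileges)
After=network.target

[Service]
Type=simple
# Admin-editable file, e.g. containing BUSER=bacula and BGROUP=bacula.
EnvironmentFile=-/etc/default/bacula-dir
# Variables from EnvironmentFile= are expanded on Exec*= lines, so the
# configured user/group can be handed to the daemon as arguments.
# systemd starts the process as root; the daemon switches user afterwards.
ExecStart=/usr/sbin/bacula-dir -f -c /etc/bacula/bacula-dir.conf -u ${BUSER} -g ${BGROUP}

[Install]
WantedBy=multi-user.target

# ---- Variant B: systemd changes user before exec ----
# (alternative bacula-director.service)
[Unit]
Description=Bacula Director (variant B, systemd drops privileges)
After=network.target

[Service]
Type=simple
# User=/Group= take literal values; ${BUSER} from an EnvironmentFile=
# is not expanded here, so the account is fixed in the unit.
User=bacula
Group=bacula
# No -u/-g: the process is already running as bacula:bacula when it starts.
ExecStart=/usr/sbin/bacula-dir -f -c /etc/bacula/bacula-dir.conf

[Install]
WantedBy=multi-user.target
```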