[Pkg-matrix-maintainers] Bug#1055444: matrix-synapse: should user the --group option when running adduser from postinst

Russell Coker russell at coker.com.au
Mon Nov 6 11:20:00 GMT 2023 

Package: matrix-synapse
Version: 1.95.1-1
Severity: normal

When adduser is run without the --group option the group used is "nogroup"
which means that multiple daemons may share the same group and be able to
inappropriately interact with each other.  If the --group option is used then
it gets a private group and restricts this possible method of communication.

-- System Information:
Debian Release: 12.2
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-13-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages matrix-synapse depends on:
ii  adduser                    3.134
ii  debconf [debconf-2.0]      1.5.82
ii  init-system-helpers        1.65.2
ii  libc6                      2.36-9+deb12u3
ii  libgcc-s1                  12.2.0-14
ii  libjs-jquery               3.6.1+dfsg+~3.5.14-1
ii  lsb-base                   11.6
ii  python3                    3.11.2-1+b1
ii  python3-attr               22.2.0-1
ii  python3-bcrypt             3.2.2-1
ii  python3-bleach             5.0.1-2
ii  python3-canonicaljson      2.0.0-2
ii  python3-cryptography       38.0.4-3
ii  python3-distutils          3.11.2-3
ii  python3-ijson              3.2.0-1
ii  python3-immutabledict      2.2.5-1
ii  python3-jinja2             3.1.2-1
ii  python3-jsonschema         4.10.3-1
ii  python3-lxml               4.9.2-1+b1
ii  python3-matrix-common      1.3.0-2
ii  python3-msgpack            1.0.3-2+b1
ii  python3-netaddr            0.8.0-2
ii  python3-openssl            23.0.0-1
ii  python3-packaging          23.0-1
ii  python3-phonenumbers       8.12.57-4
ii  python3-pil                9.4.0-1.1+b1
ii  python3-prometheus-client  0.16.0-0.1
ii  python3-psycopg2           2.9.5-1+b1
ii  python3-pyasn1             0.4.8-3
ii  python3-pyasn1-modules     0.2.8-1
ii  python3-pydantic           1.10.4-1
ii  python3-pymacaroons        0.13.0-6
ii  python3-service-identity   18.1.0-8
ii  python3-signedjson         1.1.1-2
ii  python3-sortedcontainers   2.4.0-2
ii  python3-systemd            235-1+b2
ii  python3-treq               22.2.0-0.1
ii  python3-twisted            22.4.0-4
ii  python3-typing-extensions  4.4.0-1
ii  python3-unpaddedbase64     2.1.0-2
ii  python3-yaml               6.0-3+b2
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages matrix-synapse recommends:
pn  matrix-synapse-ldap3  <none>
pn  python3-pympler       <none>

Versions of packages matrix-synapse suggests:
pn  python3-authlib  <none>
ii  python3-jwt      2.6.0-1

-- Configuration Files:
/etc/matrix-synapse/homeserver.yaml [Errno 13] Permission denied: '/etc/matrix-synapse/homeserver.yaml'
/etc/matrix-synapse/log.yaml [Errno 13] Permission denied: '/etc/matrix-synapse/log.yaml'

-- debconf-show failed

More information about the Pkg-matrix-maintainers mailing list