Bug#807428: csync2: socket activation and running as system user

Dhionel Díaz ddiaz at cenditel.gob.ve
Tue Dec 8 19:01:35 GMT 2015 

Package: csync2
Version: 2.0+73d3293-2
Severity: wishlist
Tags: patch
Usertags: systemd-units
X-Debbugs-Cc: pkg-systemd-maintainers at lists.alioth.debian.org

Dear Maintainer,

The attached patch was prepared to make csync2 a socket activated
service managed with systemd and avoid the use of inetd, it also
configures systemd to run csync2 as a system user. With this approach
the use of root privileges in the synchronization process is avoided
and, if they are required, the cluster admin may enable them with a
drop-in configuration file. Although the use of a system user requires
some care with the ownership of the synchronized files and state
database, I think the benefits of the privilege reduction may be worth
the effort.

The systemd unit files are based on the ones published in
https://github.com/mk-fg/fg_exheres/tree/master/packages/sys-apps/csync2/files/systemd
and the directions received from systemd maintainers have been followed.

Some limited testing has been done in a four node cluster, I hope the
patch can be useful.

Regards,


-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (900, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages csync2 depends on:
ii  adduser              3.113+nmu3
ii  init-system-helpers  1.22
ii  libc6                2.19-18+deb8u1
ii  libgnutls-deb0-28    3.3.8-6+deb8u3
ii  librsync1            0.9.7-10
ii  netbase              5.3

csync2 recommends no packages.

Versions of packages csync2 suggests:
pn  sqlite3  <none>

-- Configuration Files:
/etc/csync2.cfg changed [not included]

-- no debconf information


-- 
Dhionel Díaz
Centro Nacional de Desarrollo e Investigación en Tecnologías Libres
Ministerio del Poder Popular para
Educación Universitaria, Ciencia y Tecnología
-------------- next part --------------
A non-text attachment was scrubbed...
Name: csync2_systemd.patch
Type: text/x-diff
Size: 4220 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20151208/8575fc07/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20151208/8575fc07/attachment.sig>

More information about the Pkg-systemd-maintainers mailing list