Bug#469729: Run yate as non-root and use cap_sys_nice for thread priority
Paul Chitescu
paulc at voip.null.ro
Sun Jul 8 19:42:32 UTC 2012
On Friday 06 July 2012 10:07:10 pm Jeroen Dekkers wrote:
> tags 469729 +patch
> thanks
>
> The attached patch makes yate run as the user yate. Yate is given the
> cap_sys_nice capability so it is still able to change the thread
> priority. The ulimit changes can be done by changing the limit for the
> yate user in /etc/security/limits.conf, we don't need to give yate
> root permissions for that. So as far as I can see any concerns voiced
> in the bug report have been taken care of.

Hi!

This is the best solution as it offers the minimal rights needed by the
program - and dropping caps after start won't help anyway.

Note that the yate user should belong to the group that has access to the
DAHDI devices. I'm not sure how to do that so it doesn't cause a conflict.

Paul
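
One way to verify the outcome discussed in this thread, as an added example that is not part of the original messages or of the attached patch: a shell check that a process runs non-root and holds CAP_SYS_NICE and nothing else, based on the text of /proc/<pid>/status. The sample status dumps, the uid 110 and the function name check_status are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the patch): least-privilege audit of a
# /proc/<pid>/status dump for a daemon meant to run non-root with only
# CAP_SYS_NICE. Bit 23 is CAP_SYS_NICE in <linux/capability.h>.
CAP_SYS_NICE_BIT=23

# Constructed samples; uid 110 for the yate user is an assumption.
SAMPLE_OK='Name: yate
Uid: 110 110 110 110
CapPrm: 0000000000800000
CapEff: 0000000000800000'
SAMPLE_ROOT='Name: yate
Uid: 0 0 0 0
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff'

# Reads status text on stdin. Returns 0 only when the effective uid is
# non-zero and the permitted/effective sets hold CAP_SYS_NICE and nothing else.
check_status() {
    want=$((1 << CAP_SYS_NICE_BIT)); rc=0; uid=; eff=; prm=
    while read -r key v1 v2 rest; do
        case "$key" in
            Uid:)    uid=$v2 ;;   # fields: real, effective, saved, fs
            CapPrm:) prm=$v1 ;;
            CapEff:) eff=$v1 ;;
        esac
    done
    # Refuse missing or malformed fields before doing arithmetic on them.
    case "x$uid" in x|x*[!0-9]*) echo "ERROR: bad Uid field"; return 2 ;; esac
    for mask in "$prm" "$eff"; do
        case "x$mask" in x|x*[!0-9a-fA-F]*) echo "ERROR: bad capability mask"; return 2 ;; esac
    done
    prm_n=$((0x$prm)); eff_n=$((0x$eff))
    if [ "$uid" -eq 0 ]; then echo "FAIL: effective uid is 0"; rc=1; fi
    if [ $((eff_n & want)) -eq 0 ]; then
        echo "FAIL: CAP_SYS_NICE not in effective set"; rc=1
    fi
    extra=$(( (prm_n | eff_n) & ~want ))
    if [ "$extra" -ne 0 ]; then
        printf 'FAIL: extra capability bits 0x%x\n' "$extra"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: non-root, CAP_SYS_NICE only"
    return "$rc"
}

# Run both constructed samples when executed directly.
printf '%s\n' "$SAMPLE_OK" | check_status || true
printf '%s\n' "$SAMPLE_ROOT" | check_status || true
```

On a live system the function takes the daemon's own status file on stdin, for example `check_status < /proc/<pid>/status`.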