[Python-apps-team] Bug#832758: irkerd.service runs irkerd as root (should run as user "irker")
anarcat at debian.org
Mon Sep 12 16:15:55 UTC 2016
Control: tags -1 +pending
Control: forwarded https://gitlab.com/esr/irker/merge_requests/15
The following patch should fix that problem:
Author: Antoine Beaupré <anarcat at debian.org>
Date: Mon Sep 12 12:01:44 2016 -0400
run daemon as the irker user (Close: #832758)
this is an improvement upon the default .service file. it requires a
irker user to be created, something which is automatically handled by
the debian package, but should be handled by other distributions when
deploying the .service file.
there are obvious dangers in running irkerd as root: a compromise
would be catastrophic, and since it runs on public servers that are
traditionnally pretty hostile (IRC), it seems critical that rights of
the daemon be limited.
diff --git a/irkerd.service b/irkerd.service
index d19378b..82f39b0 100644
@@ -7,6 +7,7 @@ Requires=network.target
I have forwarded it upstream as well.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: Digital signature
More information about the Python-apps-team