View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000038 | easycwmp | Help | public | 2015-02-24 11:52 | 2015-02-26 10:24 |
| Reporter | tomdjpn | Assigned To | mohamed.kallel | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | no change required | ||
| OS | Debian Jessie | ||||
| Summary | 0000038: Can't run easycwmpd as non-root user | ||||
| Description | Is it possible to run easycwmpd (the daemon) as a non-root user? I would like to do this for obvious security reasons. I've tried getting ubusd running as the same non-root user (works fine), giving full permissions on the entire /opt/dev/easycwmp folder, adding execute rights for scripts in the dependencies, giving write access to /var/log/syslog etc etc, but easycwmpd resolutely refuses to run unless root user. Nothing is written to any log file as far as I can see, so it's hard to diagnose further. (easycwmp the script works fine - it's just the daemon that won't run). | ||||
| Steps To Reproduce | as above | ||||
| Tags | No tags attached. | ||||
|
|
Looking at the source, I note main() does a check of the UID and fails if not 0 (root). This is understandable because daemon needs capabilities e.g. to open socket. Could it be imagined to do something similar to apache/nginx where the master process runs as root but the workers are non-root? |
|
|
You can run as non root only if you have permission on your non-root user to use sockets. And also you need permissions to create file under /var/run |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-02-24 11:52 | tomdjpn | New Issue | |
| 2015-02-25 05:39 | tomdjpn | Note Added: 0000128 | |
| 2015-02-25 10:42 | mohamed.kallel | Note Added: 0000130 | |
| 2015-02-25 16:38 | mohamed.kallel | Category | Bug => Help |
| 2015-02-25 16:43 | mohamed.kallel | Priority | high => normal |
| 2015-02-25 16:43 | mohamed.kallel | Severity | major => minor |
| 2015-02-26 10:24 | mohamed.kallel | Status | new => resolved |
| 2015-02-26 10:24 | mohamed.kallel | Resolution | open => no change required |
| 2015-02-26 10:24 | mohamed.kallel | Assigned To | => mohamed.kallel |
