[Bug 911207] Re: upstart 1.4: setuid/setguid apply to ALL scripts
James Hunt
911207 at bugs.launchpad.net
Fri Jan 6 11:33:42 UTC 2012
Suggestion from Clint is to enhance pre- and post- syntax such that the
setuid and setgid stanzas can also appear in a pre-post section. If they
do, these values are used rather than the "globally" specified
setuid/setgid value. For example:
________________________
# this is the "global" value for setuid. If not overriden, all job processes will run as user 'foo'
setuid foo
pre-start setuid bar script
echo this runs as user 'bar'
end script
post-stop setuid baz exec echo this runs as user 'baz'
exec echo I run as user 'foo'
________________________
This is a very elegant solution to the problem. For now however, it is
possible to work around the limitation by creating a separate .conf file
to handle the pre/post conditions whilst running as root.
** Changed in: upstart (Ubuntu)
Importance: Undecided => Low
** Changed in: upstart
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to upstart in Ubuntu.
https://bugs.launchpad.net/bugs/911207
Title:
upstart 1.4: setuid/setguid apply to ALL scripts
Status in Upstart:
New
Status in “upstart” package in Ubuntu:
New
Bug description:
Upstart 1.4 on Ubuntu Precise from
https://launchpad.net/~jamesodhunt/+archive/upstart-job-logging
-----------------------
My understanding of the setuid/setguid stanza's in upstart 1.4 is that
they should emulate what start-stop-daemon/daemon and suchlike do with
regards to dropping privileges.
At the moment the stanza's apply to all script blocks (not just the
main exec one) which makes it hard to setup /var/run directories etc..
which normally need to be created by root, not the owner of the
application.
To manage notifications about this bug go to:
https://bugs.launchpad.net/upstart/+bug/911207/+subscriptions
More information about the foundations-bugs
mailing list