Hi,
I discovered that Debian (etch) has uptimed running as user "daemon" whereas on Gentoo it runs as "root". Changing that is fairly easy and, thinking with security in mind, I suggest this should be changed. I was able to achieve it just by
--8<--
chown -R daemon:daemon /var/spool/uptimed
--8<--
and patching the initscript to start uptimed as daemon:
--8<--
start-stop-daemon --quiet --start --user daemon --chuid daemon --pidfile /var/run/uptimed --exec /usr/sbin/uptimed
--8<--
Thanks
Georg, could you attach a patch of your changed init-script, please? Reassigning to maintainer.
Created attachment 175732
uptimed init-script
added patch for uptimed init-script. I've had to remove the pidfile option (daemon cannot write to /var/run), but it works without it.
I'd prefer to run it as its own user, to be honest.
Created attachment 177359
uptimed.diff
Alright, let's try to make your wishes come true, Raúl :) With this patch applied to the init script, we can still rely on the pidfile for start-stop-daemon on stop. I've tested this with start-stop-daemon from baselayout-1* and openrc-0.4.1-r1. Please note that uptimed needs its own directory inside of /var/run for being able to create the pidfile. I will attach an ebuild patch which takes care of this.
Created attachment 177361
uptimed-0.3.16.ebuild.diff
* added pkg_setup() with calls to enew{group,user} for creating the uptimed user.
* changed ownership of /var/spool/uptimed as it needs to be writeable by uptimed user
* create a /var/run/uptimed directory so uptimed is able to create its pidfile as user uptimed as well.
One problem with this patch is that if you upgrade from a previous installation of uptimed, the ownership of /var/spool/uptimed and its content remains as root. Needless to say that uptimed refuses to run when it cannot touch its own files inside of /var/spool/uptimed. Maybe some einfo-message in pkg_postinst() could take care of this.
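Added example, not part of the original report or of the uptimed ebuild: a check for the upgrade leftover described in the comment above, where /var/spool/uptimed and its contents stay owned by root after the daemon has been switched to an unprivileged user. The function names are hypothetical, and the suggested chown assumes the group has the same name as the user.

```shell
#!/bin/sh
# Added example: report state files that the unprivileged service
# user does not own, so a post-install hook or init script can warn
# instead of letting the daemon fail at start.
# list_foreign_owned and check_state_dir are hypothetical helper names.

# Print every path under DIR (DIR itself included) not owned by OWNER.
# OWNER is a user name or a numeric UID, as accepted by find(1) -user.
list_foreign_owned() {
    find "$1" ! -user "$2" -print
}

# Return codes:
#   0  DIR exists and everything in it is owned by OWNER
#   1  at least one path is owned by another account
#   2  DIR does not exist
#   3  find failed (for example, OWNER is not a known user)
check_state_dir() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir" >&2
        return 2
    fi
    foreign=$(list_foreign_owned "$dir" "$owner") || {
        echo "could not check ownership of $dir for user $owner" >&2
        return 3
    }
    if [ -n "$foreign" ]; then
        echo "paths not owned by $owner:" >&2
        echo "$foreign" >&2
        # Assumption: the service group is named like the user.
        echo "fix with: chown -R $owner:$owner $dir" >&2
        return 1
    fi
    return 0
}

# Typical calls, using the user and directories named in this report:
#   check_state_dir /var/spool/uptimed uptimed
#   check_state_dir /var/run/uptimed uptimed
```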
Created attachment 177367
uptimed.diff
Whoops, my previous diff was against an unfinished version of the script. Here's the finished one...
Created attachment 177435
uptimed.diff
--user and --chuid are the same in openrc's start-stop-daemon but not in the one from baselayout-1*. The --user option from baselayout-1* doesn't change the UID of daemons on start but --chuid does. This patch adds --chuid to s-s-d on start and --user to s-s-d on stop. Again tested with s-s-d from both packages.
In CVS :)