Closed
Bug 648982
Opened 13 years ago
Closed 13 years ago
jobqueue.pl should not run as root
Categories
(Bugzilla :: Email Notifications, enhancement)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: webmaster, Unassigned)
Details
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0) Gecko/20100101 Firefox/4.0 Build Identifier: Bugzilla 4 I've been running jobqueue.pl as my Apache web user and it works just fine. However, checksetup.pl insists on changing the permissions so that only root can run it, which is annoying. IMO we shouldn't run stuff as root unless we need to. These are the two files that I need to change permissions to make this happen. -rwx------ 1 root [mywebgroup] 2881 Sep 4 2009 jobqueue.pl -rw-r--r-- 1 root [mywebgroup] 6 Apr 11 08:57 data/jobqueue.pl.pid Reproducible: Always Steps to Reproduce: 1. change permissons on jobqueue files to run as non-root 2. run checksetup.pl 3. repeat
Comment 1•13 years ago
|
||
You actually can run it as a non-root user: ./jobqueue.pl install vim /etc/sysconfig/bugzilla-queue That works at least on CentOS (and probably also on SuSE). It allows you to specify what user it should run as. As long as the user is in the webservergroup, you should be fine.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
Support for this seems shoddy at best; but I'll figure it out. Thanks. This is what I get on SLES: # ./jobqueue.pl install insserv: Service MTA has to be enabled for service bugzilla-queue insserv: Service mysqld has to be enabled for service bugzilla-queue insserv: exiting now! /sbin/insserv failed, exit code 1 bugzilla-queue 0:off 1:off 2:off 3:off 4:off 5:off 6:off bugzilla-queue installed. To start the daemon, do "/etc/init.d/bugzilla-queue start" as root. # /etc/init.d/bugzilla-queue start /etc/init.d/bugzilla-queue: line 54: /etc/rc.d/init.d/functions: No such file or directory /etc/init.d/bugzilla-queue: line 66: checkpid: command not found Starting bugzilla-queue: /etc/init.d/bugzilla-queue: line 71: daemon: command not found
Comment 3•13 years ago
|
||
Okay. That's supposed to work on SLES, at least as of 4.0, but I didn't test it because I don't have an SLES machine. Do you think you'd be capable of figuring out what's wrong there and submitting a patch? At least filing a bug would be good. (If this is an old SLES, though, it may simply be an issue that we don't support it.)
Would it be possible to reopen this? My proposed fix would be to simply change the permissions on jobqueue.pl to 750, since checksetup already sets the group as the web server. This would allow (and perhaps encourage) jobqueue.pl to run as anything but root.
(In reply to Denis Roy from comment #4) > Would it be possible to reopen this? My proposed fix would be to simply > change the permissions on jobqueue.pl to 750, since checksetup already sets > the group as the web server. > > This would allow (and perhaps encourage) jobqueue.pl to run as anything but > root. Pretty please? I hate running stuff as root and I've been running jobqueue.pl for years as my web user.
You need to log in
before you can comment on or make changes to this bug.
Description
•