
setuid/setgid effective permissions for running process(es)
Open, Normal, Public

Description

Guam is currently started as root, because the filesystem POSIX permissions on the certificates, and the ports to which it binds, are privileged.

The intention is to read in the certificates and keys with privileges at startup, bind to the necessary ports, and then drop privileges before handling the actual connections.

In another model (httpd), the listener process maintains its privileges so that it is the only process eligible to write to log files (and not the individual child processes that serve visitor requests).
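An added example (not Guam's code) of the startup sequence sketched above, in Python: bind the listener while still privileged, then switch to an unprivileged user and verify that root cannot be regained. The function names, the `nobody` fallback and the use of port 0 for local testing are assumptions.

```python
import os
import pwd
import socket

def bind_listener(port: int) -> socket.socket:
    """Bind while still privileged. Ports below 1024 need root (or
    CAP_NET_BIND_SERVICE); the bound socket stays valid after the drop."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("127.0.0.1", port))
    s.listen(16)
    return s

def drop_privileges(user: str) -> dict:
    """Switch irreversibly to `user`, then prove the switch stuck.
    Groups and gid first (they need root), uid last; setuid() as root
    changes real, effective and saved uid, so setuid(0) must then fail."""
    pw = pwd.getpwnam(user)
    if os.geteuid() == 0:
        os.initgroups(user, pw.pw_gid)  # only root may change the group list
    os.setgid(pw.pw_gid)                # gid first, while we still can
    os.setuid(pw.pw_uid)                # uid last: no way back after this
    try:
        os.setuid(0)
        regained_root = True            # drop was not permanent
    except PermissionError:
        regained_root = False           # expected: EPERM
    return {"uid": os.getuid(), "euid": os.geteuid(), "gid": os.getgid(),
            "can_regain_root": regained_root}

def choose_unprivileged_user() -> str:
    """Pick a drop target: 'nobody' when running as root, otherwise the
    current user (switching to one's own ids is permitted without root)."""
    if os.geteuid() != 0:
        return pwd.getpwuid(os.getuid()).pw_name
    try:
        return pwd.getpwnam("nobody").pw_name
    except KeyError:
        return next(p.pw_name for p in pwd.getpwall() if p.pw_uid != 0)

def startup(port: int, user: str) -> dict:
    """The ticket's sequence: open keys and bind as root, then drop."""
    listener = bind_listener(port)      # port 0 = ephemeral, for local testing
    info = drop_privileges(user)
    info["listener_port"] = listener.getsockname()[1]  # still usable after drop
    listener.close()
    return info
```

Calling `startup(0, choose_unprivileged_user())` returns the resulting ids together with `can_regain_root`, which must be `False` for the drop to count as done.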

Details

Ticket Type
Task

Event Timeline

vanmeeuwen raised the priority of this task from to 60.
vanmeeuwen updated the task description.
vanmeeuwen added projects: Guam, Kolab 16, Winterfell.
vanmeeuwen changed Ticket Type from Task to Task.
vanmeeuwen subscribed.

Wouldn't it make more sense to use [CapabilityBoundingSet=](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=) instead and keep it running as guam user?

An alternative could be to use setcap instead of suid - suid is a rather "brute-force" approach which has to rely on the process properly dropping its privileges on its own, while CapabilityBoundingSet=/setcap allow one to selectively assign privileges to a binary (setcap) or process (CapabilityBoundingSet=).

vanmeeuwen lowered the priority of this task from 60 to Normal. Mar 28 2019, 8:13 AM