#642 Clarify in the packaging guidelines that the "nobody" user is not OK to use for system daemons
Closed: Fixed None Opened 2 years ago by lennart.

I am pretty sure the packaging guideliness should say very clearly that it is not OK for daemons packaged for Fedora to run as "nobody" user, and instead all packages that need a system user should register their own.

Why? because all services running as "nobody" can access each other's resources.

Also see discussion around here:

https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Q5GCKZ7Q7PAUQW66EV7IBJGSRJWYXBBH/

Not sure how the wording should be looking like precisely, but maybe something as simple as this would suffice:

"System services packaged for Fedora may not use run as the 'nobody' user, but must allocate their own system user to run as".


{{{

/usr/lib/systemd/system/distccd.service

[Unit]
Description=Distccd A Distributed Compilation Server
After=network.target

[Service]
User=nobody
...
}}}

Also
{{{
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
nobody 2179 0.0 0.0 51132 896 ? S May31 0:01 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
}}}
This dnsmasq is started by libvirt.service.

In case I miss the meeting, I'm 100% behind this but I'm not entirely sure where in the guidelines this should actually go. Probably immediately under https://fedoraproject.org/wiki/Packaging:Guidelines#Users_and_Groups

We discussed this at this weeks meeting (http://meetbot.fedoraproject.org/fedora-meeting-1/2016-08-11/fpc.2016-08-11-16.00.txt):

  • 642 Clarify in the packaging guidelines that the "nobody" user is


    not OK to use for system daemons (geppetto, 16:19:29)
  • ACTION: Clarify guidelines to not use "nobody" userid for daemons
    (+1:7, 0:0, -1:0) (geppetto, 16:25:02)

Metadata Update from @tibbs:
- Issue assigned to tibbs

2 years ago

Login to comment on this ticket.

Metadata