Root writing to a dir owned by a user
| Task Info (Flyspray) | |
|---|---|
| Opened By | Doug Newgard (Scimmia) |
| Task ID | 57456 |
| Type | Bug Report |
| Project | Community Packages |
| Category | Packages |
| Version | None |
| OS | All |
| Opened | 2018-02-10 07:16:07 UTC |
| Status | Assigned |
| Assignee | Santiago Torres (sangy) |
Details
The tmpfiles entry in this package creates /run/munin/ as owned by munin:munin, but then the service files run the daemons as root, causing the PID files to be written as root to a dir owned by a user. This is a security risk and systemd has disabled this in the current version, but relaxed them a bit as too many daemons do the wrong thing here. See https://github.com/systemd/systemd/issues/8085
The service files should either be run as the user or the dir should be owned by root:root.