Root writing to a dir owned by a user
Task Info (Flyspray) | |
---|---|
Opened By | Doug Newgard (Scimmia) |
Task ID | 57456 |
Type | Bug Report |
Project | Community Packages |
Category | Packages |
Version | None |
OS | All |
Opened | 2018-02-10 07:16:07 UTC |
Status | Assigned |
Assignee | Santiago Torres (sangy) |
Details
The tmpfiles entry in this package creates /run/munin/ as owned by munin:munin, but then the service files run the daemons as root, causing the PID files to be written as root to a dir owned by a user. This is a security risk and systemd has disabled this in the current version, but relaxed it a bit as too many daemons do the wrong thing here. See https://github.com/systemd/systemd/issues/8085
The service files should either be run as the user or the dir should be owned by root:root.
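
An audit sketch for the condition this report describes, added here as an example (not code from the package or from systemd): it flags units that run as root but whose `PIDFile=` sits in a directory that a tmpfiles.d entry assigns to another user. The sample tmpfiles lines, unit contents and function names are constructed, and only PID files declared with an absolute `PIDFile=` path are considered.

```python
import posixpath

# Constructed sample inputs for illustration; not the package's real files.
SAMPLE_TMPFILES = """\
d /run/munin 0755 munin munin -
d /run/exampled 0755 root root -
"""
SAMPLE_UNITS = {
    "munin-node.service": "[Service]\nPIDFile=/run/munin/munin-node.pid\n",
    "exampled.service": "[Service]\nPIDFile=/run/exampled/exampled.pid\n",
    "worker.service": "[Service]\nUser=munin\nPIDFile=/run/munin/worker.pid\n",
}

def dir_owners(tmpfiles_text):
    """Map directory path -> owning user for d/D lines (tmpfiles.d format)."""
    owners = {}
    for line in tmpfiles_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        if fields[0].rstrip("!-=~^+") in ("d", "D"):  # type plus modifiers
            # A missing or "-" user field means the default owner, root.
            owners[posixpath.normpath(fields[1])] = fields[3] if len(fields) > 3 else "-"
    return owners

def service_settings(unit_text):
    """Return the key=value settings of the [Service] section (last value wins)."""
    settings, section = {}, None
    for line in unit_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line and not line.startswith(("#", ";")):
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def root_pidfiles_in_user_dirs(tmpfiles_text, units):
    """List (unit, pidfile, dir_owner) where root writes into a user-owned dir."""
    owners, findings = dir_owners(tmpfiles_text), []
    for name, text in sorted(units.items()):
        svc = service_settings(text)
        pidfile, run_as = svc.get("PIDFile"), svc.get("User") or "root"
        if not pidfile or not pidfile.startswith("/") or run_as not in ("root", "0"):
            continue  # no absolute PID file, or the daemon already drops privileges
        owner = owners.get(posixpath.dirname(posixpath.normpath(pidfile)))
        if owner not in (None, "root", "0", "-"):
            findings.append((name, pidfile, owner))
    return findings
```

Either fix named in the report clears a finding: adding `User=` to the unit, or changing the tmpfiles entry so the directory is owned by root.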