Menu
▾
▴
[Wrapper-user] Run as user and privilege separation
|
From: Farkas L. <lf...@lf...> - 2014-04-07 23:21:25
|
We like to replace jsvc (http://commons.apache.org/proper/commons-daemon/jsvc.html) with java service wrapper but we've got a few comments/problems. First of all (IMHO) run as user is not usable in the current form most of the case. The idea behind not to run a service as root is not mean that we just run as a different user. Look at all other system services (eg apache). There is a parent process running as root and it'll do all the root required tasks eg lock file, pid file, log files and then create a child process with the given user. But you create _both_ process running as the same user. Of course in this case the lock pid and log file creation also problematic. What more you run the parent process with runuser or su which requires valid shell eg: /sbin/nologin cannot be used for a given user which used to be the case for a service. Since the main reason to not as root that the given user don't have login shell and has less privileges. To be valid login shell for a service is a potential security risk. These two things used in the past few decades and none of them can be used with this wrapper. For an implementation see jsvc's source. Another side note that even if I put wrapper.so into the system library path eg /usr/lib and do not set the value of the wrapper.java.library.path in the wrapper.conf wrapper can't find it. why? imho it'd have to be the default to search for it in the system library path...but it seems that if i uncomment this variable: -Djava.library.path=./ probably it'd be better not to set anything in this case. it's possible to set an environment variable as wrapper.java.classpath.1, but in this case we always got this error/warning: Classpath element, wrapper.java.classpath.1, does not exist even it's working it's very annoying. regards. -- Levente "Si vis pacem para bellum!" |
