Bug#779708: Client for updating dynamic hostname mappings for dy.fi
Eugene Zhukov <jevgeni.zh@gmail.com> writes:
>> 2) Does the service really need to run as root?
>>
> No, and this is even mentioned in upstream readme. It needs to create
> a pid file though. Any hint/pointer on how to change the packaging to
> not run it as root?
You probably need to create a new user in the packaging. Then modify the
daemon to implement --user <username> option that drops the privileges
after writing the pid file and reading the configuration file. Quick
google finds
http://search.cpan.org/~tlbdk/Privileges-Drop-1.03/lib/Privileges/Drop.pm
which seems to be in debian as libprivileges-drop-perl.
>> db_get dyfi/password
>> sed -i "s/^Password.*/Password $RET/" /etc/dyfi-update.conf
>>
>> in debian/postinst let all local users to see the password if they type
>> "ps axuf" at the right moment?
> Probably, but do I need to care about that? The targeted audience of
> the service is home or small office I assume.
That of course depends on the situation indeed.
Reply to: