Description of problem: For security reasons qpidd should not run as root by default. Solution: The RPM installer for qpidd should - create user qpidd - create default data dir /var/lib/qpidd owned by qpidd, writable by owner only (readable also?) The qpidd init script should run qpidd as the qpidd user. Depends on https://bugzilla.redhat.com/show_bug.cgi?id=431135 (defines data dir location)
Documents currently instruct users to run rhmd (qpidd) as root. When this problem is resolved, the docs will need to be updated accordingly. Adding myself to the CC list. LKB
Fixed at svn revision 643442: added user "qpidd" and modified init script to start the qpidd daemon under that user.
qpidc-0.2.656926-1.el5, qpidd-0.2.656926-1.el5, and rhm-0.2.2058-1.el5 have been pushed to the staging repo for testing
Nuno, Can I please have updated instructions for documentation? Cheers, LKB
Lana: When using the init script (via "service qpidd start"), the daemon will be started under the qpidd user, so there should be no changes there. When starting on the command line (eg, when logged in as root), there are two options: - use sudo, like: sudo -u qpidd <qpidd + args> - use runuser, like: runuser -s /bin/sh qpidd -c "<qpidd + args>" where <qpidd + args> would be the command line you'd use before. Nuno