Bug 431196 - qpidd should not run as root by default.
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp
Version: beta
Hardware: All Linux
Priority: high
Severity: high
Assigned To: Nuno Santos
QA Contact: Kim van der Riet
Depends On: 431135
Reported: 2008-02-01 09:28 EST by Alan Conway
Modified: 2013-09-12 18:09 EDT
Doc Type: Bug Fix

Description Alan Conway 2008-02-01 09:28:09 EST
Description of problem:

For security reasons qpidd should not run as root by default.

Solution:

The RPM installer for qpidd should:
 - create user qpidd
 - create default data dir /var/lib/qpidd owned by qpidd, writable by owner only (readable also?)

The qpidd init script should run qpidd as the qpidd user.

Depends on https://bugzilla.redhat.com/show_bug.cgi?id=431135 (defines data dir
location)

Comment 1 Lana Brindley 2008-02-03 23:57:48 EST
Documents currently instruct users to run rhmd (qpidd) as root. When this
problem is resolved, the docs will need to be updated accordingly. Adding myself
to the CC list. LKB

Comment 2 Nuno Santos 2008-04-01 11:45:32 EDT
Fixed at svn revision 643442: added user "qpidd" and modified init script to
start the qpidd daemon under that user.

Comment 3 Mike Bonnet 2008-05-16 11:08:16 EDT
qpidc-0.2.656926-1.el5, qpidd-0.2.656926-1.el5, and rhm-0.2.2058-1.el5 have been pushed to the staging repo for testing.

Comment 4 Lana Brindley 2008-07-17 01:04:58 EDT
Nuno,

Can I please have updated instructions for documentation?

Cheers,
LKB

Comment 5 Nuno Santos 2008-07-17 13:15:20 EDT
Lana:

When using the init script (via "service qpidd start"), the daemon will be
started under the qpidd user, so there should be no changes there.

When starting on the command line (e.g., when logged in as root), there are two
options:
- use sudo, like:
  sudo -u qpidd <qpidd + args>

- use runuser, like:
  runuser -s /bin/sh qpidd -c "<qpidd + args>"

where <qpidd + args> would be the command line you'd use before.

Nuno
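
The following is an added example, not part of the bug report or of the qpid project's own code: a small audit script for the two properties requested in the description (data directory /var/lib/qpidd owned by qpidd and writable by owner only, daemon not running as root). It assumes Linux with GNU stat and procps ps; the function names and the --audit flag are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report or the qpid project).
# Assumes Linux with GNU stat and procps ps; function names and the
# --audit flag are illustrative.

# Succeed only if DIR exists, is owned by OWNER, and is not writable by
# group or other ("writable by owner only").
check_data_dir() {
    dir=$1
    owner=$2
    [ -d "$dir" ] || { echo "FAIL: $dir is missing"; return 1; }
    actual_owner=$(stat -c %U "$dir")
    mode=$(stat -c %a "$dir")          # octal permission bits, e.g. 700
    [ "$actual_owner" = "$owner" ] ||
        { echo "FAIL: $dir owned by $actual_owner, expected $owner"; return 1; }
    [ $(( 0$mode & 022 )) -eq 0 ] ||
        { echo "FAIL: $dir mode $mode is group/other writable"; return 1; }
    echo "OK: $dir owner=$actual_owner mode=$mode"
}

# Read "USER COMMAND" lines (the output format of `ps -eo user=,comm=`)
# on stdin and print how many instances of NAME run as root.
count_root_instances() {
    awk -v name="$1" '$1 == "root" && $2 == name { n++ } END { print n + 0 }'
}

# Run the audit against the live system only when asked to.
if [ "${1:-}" = "--audit" ]; then
    rc=0
    check_data_dir /var/lib/qpidd qpidd || rc=1
    n=$(ps -eo user=,comm= | count_root_instances qpidd)
    [ "$n" -eq 0 ] || { echo "FAIL: $n qpidd process(es) running as root"; rc=1; }
    exit "$rc"
fi
```

Run it as `sh script.sh --audit` after installing the package and starting the service; a non-zero exit status means at least one check failed.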
