Red Hat Bugzilla – Bug 431196
qpidd should not run as root by default.
Last modified: 2013-09-12 18:09:39 EDT
Description of problem:
For security reasons qpidd should not run as root by default.
The RPM installer for qpidd should
- create user qpidd
- create default data dir /var/lib/qpidd owned by qpidd, writable by owner only
The qpidd init script should run qpidd as the qpidd user.
Depends on https://bugzilla.redhat.com/show_bug.cgi?id=431135 (defines data dir
Documents currently instruct users to run rhmd (qpidd) as root. When this
problem is resolved, the docs will need to be updated accordingly. Adding myself
to the CC list. LKB
Fixed at svn revision 643442: added user "qpidd" and modified init script to
start the qpidd daemon under that user.
qpidc-0.2.656926-1.el5, qpidd-0.2.656926-1.el5, and rhm-0.2.2058-1.el5 have been pushed to the staging repo for testing
Can I please have updated instructions for documentation?
When using the init script (via "service qpidd start"), the daemon will be
started under the qpidd user, so there should be no changes there.
When starting on the command line (eg, when logged in as root), there are two
- use sudo, like:
sudo -u qpidd <qpidd + args>
- use runuser, like:
runuser -s /bin/sh qpidd -c "<qpidd + args>"
where <qpidd + args> would be the command line you'd use before.