FS#14142 - [deluge] System daemon runs as root , uses user-specific settings

Attached to Project: Arch Linux
Opened by Nezmer (Nezmer) - Wednesday, 08 April 2009, 22:50 GMT
Last edited by Ionut Biru (wonder) - Monday, 11 January 2010, 19:37 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Hugo Doria (hdoria)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
Discussion :
http://bbs.archlinux.org/viewtopic.php?pid=531649

I qoute myself :
"If you run deluged from terminal logged in with your user or start the daemon from within deluge , It will run under your user name .

The latest deluge Arch update added an option to start deluged from '/etc/rc.d/deluged' . The post-install note suggests that this daemon will run with the user 'deluge' and will download to '/home/deluge' . That setup would suggest also that the settings are reseted and a fresh profile would be created specific for the 'deluge' user . The daemon should be system-wide serving all users .

In practice , the daemon is running as root and the previous user-specific settings are preserved ."

Additional info:
* package version(s)
deluge 1.1.6-1

Steps to reproduce:
1) If you already use deluge , then settings are saved in '/home/<username>/.config/deluge' .
2) '/etc/rc.d/deluge start' :
a) The daemon will run a process owned by root .
b) The previous user settings will be used instead of creating new settings for the "deluge" user .
   . (0 KiB)
This task depends upon

Closed by  Ionut Biru (wonder)
Monday, 11 January 2010, 19:37 GMT
Reason for closing:  Implemented
Additional comments about closing:  1.2.0. Default user is deluge and users have possibility to change it in /etc/conf.d/deluge
Comment by Diego (wishmechaos) - Wednesday, 15 April 2009, 19:55 GMT
I got the message deluge would download to /srv/deluge instead of /home. However, the rc.d script is failing to start the daemon at all, and I don't see any mentions of it in /var/log . There should be a way to specify under which user deluged runs. Is there any way to get debug information,s o I can report why it isn't loading?

Thanks.
Comment by Nezmer (Nezmer) - Wednesday, 15 April 2009, 23:09 GMT
The package was worked on since I reported the bug (current 1.1.6-3) . But the issues are still present the last time I checked (Daemon running as root and using an existing user configuration) .

@ Diego
I have no idea why the daemon is not starting for you . Maybe you had a user daemon running before ?
Comment by Diego (wishmechaos) - Thursday, 16 April 2009, 02:29 GMT
@ Nezmer: After rebooting I realized deluged was actually running (and as root), but the deluge GUI did not see and was not able to connect to the daemon. I mistakenly assumed it wasn't running. I don't remember configuring it in a non-standard port, so I can't imagine why it cannot connect.
Comment by Drew (frob) - Sunday, 31 May 2009, 09:46 GMT
@Diego
In the month and a half or so it's been, you may have figured this out, but you'll need to copy /root/.config/deluge/auth to the home directory for the webui (yours, most likely) for it to work properly. This applies to the console and gtk UIs as well, as far as I know.

I noticed the only way to start the rc script properly is as root (which is typical), and deluge then decides to run as root, without ever dropping its privileges to the deluge user. I believe using 'su deluge -c deluged' as the command should solve this (mostly).

How you would work out the rc script in a multi-user environment would require hacking the rc script either to include each user explicitly (bad), or to hack the rc script to load deluged for each user listed in some file (better), or in the 'deluge' group (possibly the best), or even a combination of the last two.

Hopefully somebody will read this and adapt the rc file for the privilege-dropping soon, and maybe even the last option.
Comment by Drew (frob) - Monday, 08 June 2009, 09:21 GMT
I decided to add multi-user to the rc script myself. I attached the patch. I haven't tested it yet with multiple users, but as long as deluge runs on unique ports for each user, it should work just fine. I've already e-mailed this to the package maintainer. The only requirement aside from actually applying the patch is adding DELUGE_USERS=(user1,user2,!user3,...) to rc.conf. In that short example, deluged won't start for user3 (the exclamation mark tells the rc script that).

Because of the rc script forces deluged to start as a certain user, only users that can login can run deluged through that rc script, so adding 'deluge' to DELUGE_USERS doesn't work correctly, unless you make the deluge user a login-user, or adapt the rc script to use sudo -u $user /usr/bin/deluged instead of su - $user -c /usr/bin/deluged. This is mostly a workaround until deluged can drop its privileges on its own, I guess, or some other alternative works (sudo works, I just don't like the dependancy).

One last note about the patch: Only root can start/stop deluged for certain users (yeah, I know, it's stupid). Technically, a user can stop the deluged process through the rc script, but the other files rc scripts use (/var/run/deluged-$user.pid and /var/run/daemons/deluged-$user) are owned by root, so they can't be removed by the rc script like they're supposed to be.
Comment by Jan Alexander Steffens (heftig) - Thursday, 10 December 2009, 20:28 GMT
I believe rc.d/deluged should start deluged using "su -c /usr/bin/deluged deluge"

Loading...