FS#24095 - [initscripts] rc: error if user is not root or uses sudo

Attached to Project: Arch Linux
Opened by Steffen Weber (boenki) - Wednesday, 04 May 2011, 15:00 GMT
Last edited by Tom Gundersen (tomegun) - Saturday, 18 June 2011, 23:55 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Closed
Assigned To: Tobias Powalowski (tpowa), Thomas Bächler (brain0), Roman Kyrylych (Romashka), Tom Gundersen (tomegun)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:
If you execute /sbin/rc without being root or using sudo
it will try to start/stop/restart the service.
But that does not work.

Someone may add a check if the user is allowed to do the task
before even trying it.


Additional info:
* package version(s)
Name : initscripts
Version : 2011.04.1-2

Closed by Tom Gundersen (tomegun) - Saturday, 18 June 2011, 23:55 GMT
Reason for closing: Fixed

Comment by Leonid Isaev (lisaev) - Saturday, 07 May 2011, 16:26 GMT
I am not sure what you mean:

~> id -u
1000
~> /sbin/rc
usage: rc action daemon ...

e.g: rc list
rc help
rc start sshd gpm
~> /sbin/rc list
[STARTED][AUTO] alsa
[STOPPED][ ] avahi-daemon
[STOPPED][ ] avahi-dnsconfd
[STARTED][AUTO] cups
[STARTED][AUTO] dbus
[STARTED][AUTO] fcrond
...
Comment by Steffen Weber (boenki) - Saturday, 07 May 2011, 21:18 GMT
The check for root privileges is only required for
starting / stopping a service.

If a normal user tries to start a service it does not work.
So the user rights should be checked before rc tries to start/stop/restart a service.

If the user does not have the required privileges rc should not try to execute the command,
echo something like "Error: You need to use sudo or to be root"
and exit.

eg:
[boenki ~]$ id -u
1000
[boenki ~]$ rc start dbus
:: Starting D-BUS system messagebus [BUSY]
Failed to start message bus: The pid file "/var/run/dbus.pid" exists, if the message bus is not running, remove this file
[FAIL]


Comment by Tom Gundersen (tomegun) - Tuesday, 24 May 2011, 05:10 GMT
Hmmm... It is not obvious what permissions are needed to start/stop a service (apart from the fact that we need write access to /run/daemons, but maybe this restriction could be lifted if we really wanted to), it really depends on the daemon.

I notified Seblu in case he sees a reasonable solution to this. At the moment I do not.

I don't really see the need either though, if you don't have the permissions it will be obvious enough... I'll close as won't implement unless someone proposes an elegant implementation.
Comment by Thomas Bächler (brain0) - Tuesday, 24 May 2011, 06:55 GMT
rc.d scripts are meant to be used as root, so that one is easy.

BTW Tom, you can assign a bug to any bug tracker user, not only developers.
Comment by Tom Gundersen (tomegun) - Tuesday, 24 May 2011, 21:01 GMT
@brain0: if that's the policy, then that makes everything easy. Should be simple to implement. Patches welcome ;-)

I didn't manage to assign the bug to anyone not in the list... but I guess the notification has the same effect.
Comment by Sébastien Luttringer (seblu) - Wednesday, 25 May 2011, 23:48 GMT
/sbin/rc.d is a wrapper around /etc/rc.d/* scripts.
If we want to disallow non-root users to "run" a rc.d script, we should _not_ implement this into /sbin/rc.d but in functions.
Otherwise rc.d start httpd and /etc/rc.d/http start will no longer be equivalent.

Thomas, when you say rc.d should be used as root, you could say the same of pacman. However, it is possible to have access to lots of pacman functions when you are not root.
And it's convenient.

There is no serious reason to refuse to list daemon status (rc.d list) when you are not root. Information is readable in /run by everyone. It's sugar display.

The biggest technical problem I see with a global/generic restriction on users is about commands other than start / stop / restart / reload, which have an a priori need to be root.
For example, some scripts have a status (e.g. rc.d git-daemon status) or whatever, which can be called without being root. If we block in rc.d or in functions, we will lose some functionalities.
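
The per-action check discussed in the comment above, written as a helper for a shared functions file so that the wrapper and a direct /etc/rc.d/ call would behave the same. This is an added example, not part of the thread and not the patch that was merged; the function names and the list of privileged actions are assumptions.

```shell
#!/bin/sh
# Added illustration; all names below are hypothetical, not from initscripts.

# Actions that change daemon state and therefore need root (assumed list).
PRIVILEGED_ACTIONS="start stop restart reload"

# action_needs_root ACTION -> returns 0 if ACTION is in the privileged list.
action_needs_root() {
    for a in $PRIVILEGED_ACTIONS; do
        [ "$a" = "$1" ] && return 0
    done
    return 1
}

# check_privileges ACTION [UID]
# Returns 0 if the action may proceed, 1 otherwise.
# UID defaults to the caller's effective uid; the optional second
# argument exists so the decision can be tested without being root.
check_privileges() {
    action=$1
    uid=${2:-$(id -u)}
    if action_needs_root "$action" && [ "$uid" -ne 0 ]; then
        echo "Error: '$action' requires root (use sudo or run as root)" >&2
        return 1
    fi
    return 0
}

# Constructed sample: the decision for each action as uid 1000.
# Read-only actions such as status and list stay available.
demo() {
    for action in start stop restart reload status list; do
        if check_privileges "$action" 1000 2>/dev/null; then
            echo "uid=1000 $action: allowed"
        else
            echo "uid=1000 $action: refused"
        fi
    done
}

demo
```

A daemon script would call check_privileges "$1" || exit 1 before dispatching on its action, so the refusal happens before any pid file or /run/daemons write is attempted.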

Comment by Eric Belanger (Snowman) - Friday, 27 May 2011, 09:44 GMT
I posted a patch on ML: http://mailman.archlinux.org/pipermail/arch-projects/2011-May/000884.html
that takes into account all concerns presented in this report.
Comment by Tom Gundersen (tomegun) - Saturday, 18 June 2011, 23:53 GMT
There were lots of good suggestions about how to solve this. I just merged Seblu's solution.
