Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#24358 - [ushare] should not be run as root
Attached to Project:
Community Packages
Opened by Andreas Radke (AndyRTR) - Friday, 20 May 2011, 09:52 GMT
Last edited by Sergej Pupykin (sergej) - Thursday, 07 July 2011, 10:51 GMT
Opened by Andreas Radke (AndyRTR) - Friday, 20 May 2011, 09:52 GMT
Last edited by Sergej Pupykin (sergej) - Thursday, 07 July 2011, 10:51 GMT
|
DetailsDescription:
ushare is currently packaged to run as root. this is a potential security leak. please change the package to run it as an unprivileged user. (see our other daemon packages, the wiki page for user/group numbers and maybe the Fedora pkg spec file how they do it) Additional info: * package version(s) * config and/or log files etc. Steps to reproduce: |
This task depends upon
At least sudo dependency is missing in the current solution and so the rc.d script fails to work.
fedora adds user on install and do 'daemon --user ushare ...' which calls su or sudo I think.
Now I have a ushare user in my login manager + I'm not able to use ushare as "ushare" user because it doesn't have permissions to read my media content (because it is not part of users).
I think that at leaste -s /sbin/nologin must be added to the useradd command (from the fedora package) and some other fixes that I can't get now needs to be done to get ushare working.
/etc/conf.d/ushare contains USHARE_USER variable