FS#33192 - [hefur] Socket /var/run/hefur/control not created (due to permissions?)

Attached to Project: Arch Linux
Opened by Egor Vakhromtsev (vem) - Monday, 24 December 2012, 12:28 GMT
Last edited by Pierre Schmitz (Pierre) - Friday, 15 May 2015, 12:15 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Pierre Schmitz (Pierre)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No



Hefurd not create control socket (/var/run/hefur/control by default).

Steps to reproduce:

1. Install hefur
2. Enable it with systemctl:
# systemctl enable hefurd.service
3. Start hefurd with systemctl:
# systemctl start hefurd.service
4. Check it work. Go to http://localhost:6969/stat
5. Try to run hefurctl. Get error:
$ hefurctl
error: /var/run/hefur/control: No such file or directory

I think hefurd just can't create socket in /run directory because systemd unit sets nobody as hefurd user.
This task depends upon

Closed by  Pierre Schmitz (Pierre)
Friday, 15 May 2015, 12:15 GMT
Reason for closing:  Fixed
Comment by Alexandre Bique (babali) - Wednesday, 26 December 2012, 22:56 GMT
The directory /var/run/hefur/ does not exists.

As a user, you can copy and modify the init script to make sure that hefur will be able to create the control socket.

Also you can ensure what is the failure reason, by stracing hefurd and see why it fails to create the socket (but it probably starts at the missing /var/run/hefur/ directory).
Comment by Alexandre Bique (babali) - Wednesday, 26 December 2012, 23:02 GMT
The folder for transmission is auto created for example, and transmission has a file /usr/lib/tmpfiles.d/transmission.conf, so we may need a similar one for hefur.
Comment by Alexandre Bique (babali) - Wednesday, 26 December 2012, 23:05 GMT
Here is the file which should be installed into /usr/lib/tmpfiles.d/hefur.conf
Comment by Alexandre Bique (babali) - Wednesday, 26 December 2012, 23:11 GMT
By the way hefur is run as nobody right now, but other daemons are run with the same user and so can control hefur through the socket. Maybe for improved security it could be worth to run hefur with a dedicated user account?

I am not a security expert so it is just a question/suggestion.
Comment by Gustavo Alvarez (sl1pkn07) - Sunday, 02 February 2014, 15:40 GMT
any notice of this bug?
Comment by Alexandre Bique (babali) - Sunday, 02 February 2014, 20:51 GMT
Forgot this one, having a look right now.
Comment by Pierre Schmitz (Pierre) - Monday, 03 February 2014, 07:32 GMT
Hmm, I think I started working on this. Don't remember why I stopped though. I need to check once I am back home.
Comment by Alexandre Bique (babali) - Monday, 03 February 2014, 07:46 GMT
I think it would be best to run hefur as hefur:hefur and install the config for the tmpfile /run/hefurd/.
Comment by Gustavo Alvarez (sl1pkn07) - Monday, 03 February 2014, 07:48 GMT
i make some modifications in pkgbuild/services


please test
Comment by Doug Newgard (Scimmia) - Tuesday, 12 May 2015, 16:39 GMT