Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#36403 - [redis] don't run it as root
Attached to Project:
Community Packages
Opened by Damjan Georgievski (damjan) - Saturday, 03 August 2013, 21:19 GMT
Last edited by Sergej Pupykin (sergej) - Monday, 05 August 2013, 10:17 GMT
Opened by Damjan Georgievski (damjan) - Saturday, 03 August 2013, 21:19 GMT
Last edited by Sergej Pupykin (sergej) - Monday, 05 August 2013, 10:17 GMT
|
DetailsBy default the systemd service file that comes with this package runs the service as root. That's not recommended in the redis docs too (http://redis.io/topics/security).
I suggest making a redis system user and running the service as that user. Something like: post_install() { datadir=var/lib/redis groupadd --system redis &>/dev/null useradd --system -g redis -d $datadir -s /bin/false redis &>/dev/null if [[ ! -e $datadir ]]; then install -dm700 -o redis -g redis $datadir fi } |
This task depends upon