FS#36403 : [redis] don't run it as root

FS#36403 - [redis] don't run it as root

Attached to Project: Community Packages
Opened by Damjan Georgievski (damjan) - Saturday, 03 August 2013, 21:19 GMT
Last edited by Sergej Pupykin (sergej) - Monday, 05 August 2013, 10:17 GMT

Task Type	Feature Request
Category	Packages
Status	Closed
Assigned To	Sergej Pupykin (sergej)
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

By default the systemd service file that comes with this package runs the service as root. That's not recommended in the redis docs too (http://redis.io/topics/security).

I suggest making a redis system user and running the service as that user. Something like:

post_install() {
datadir=var/lib/redis
groupadd --system redis &>/dev/null
useradd --system -g redis -d $datadir -s /bin/false redis &>/dev/null
if [[ ! -e $datadir ]]; then
install -dm700 -o redis -g redis $datadir
fi
}

This task depends upon

Closed by Sergej Pupykin (sergej)
Monday, 05 August 2013, 10:17 GMT
Reason for closing: Fixed

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#36403 - [redis] don't run it as root

Details

Loading...