Community Packages

Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#67487 - [icecast] wrong nobody uid/gid for /var/log/icecast (99 vs 65534)

Attached to Project: Community Packages
Opened by ux (ubitux) - Tuesday, 04 August 2020, 17:20 GMT
Last edited by David Runge (dvzrv) - Thursday, 06 August 2020, 08:46 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To David Runge (dvzrv)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Icecast package deploys /var/log/icecast with uid and gid 99 instead of the currently default 65534 for nobody. This prevents icecast from starting up.

Workaround: chown nobody:nobody /var/log/icecast

Note: this may be related to https://bugs.archlinux.org/task/56828
This task depends upon

Closed by  David Runge (dvzrv)
Thursday, 06 August 2020, 08:46 GMT
Reason for closing:  Fixed
Additional comments about closing:  Using nobody user/group is discouraged and since 2.4.4-2 the package ships a service that runs as a separate unprivileged user.
Comment by David Runge (dvzrv) - Thursday, 06 August 2020, 08:45 GMT
@ubitux: Thanks for the bug report.

I have just worked on the package and hardened the systemd service. I have removed the patch to the upstream configuration file, that forced a user change.
It is absolutely not advised to run a system service as root and then drop its privileges to the special user nobody.

The package now adds a new user (icecast) and runs the service as that. I will also update the wiki.

Loading...