FS#67487 - [icecast] wrong nobody uid/gid for /var/log/icecast (99 vs 65534)
Attached to Project:
Community Packages
Opened by ux (ubitux) - Tuesday, 04 August 2020, 17:20 GMT
Last edited by David Runge (dvzrv) - Thursday, 06 August 2020, 08:46 GMT
Opened by ux (ubitux) - Tuesday, 04 August 2020, 17:20 GMT
Last edited by David Runge (dvzrv) - Thursday, 06 August 2020, 08:46 GMT
|
Details
Icecast package deploys /var/log/icecast with uid and gid 99
instead of the currently default 65534 for nobody. This
prevents icecast from starting up.
Workaround: chown nobody:nobody /var/log/icecast Note: this may be related to https://bugs.archlinux.org/task/56828 |
This task depends upon
Closed by David Runge (dvzrv)
Thursday, 06 August 2020, 08:46 GMT
Reason for closing: Fixed
Additional comments about closing: Using nobody user/group is discouraged and since 2.4.4-2 the package ships a service that runs as a separate unprivileged user.
Thursday, 06 August 2020, 08:46 GMT
Reason for closing: Fixed
Additional comments about closing: Using nobody user/group is discouraged and since 2.4.4-2 the package ships a service that runs as a separate unprivileged user.
I have just worked on the package and hardened the systemd service. I have removed the patch to the upstream configuration file, that forced a user change.
It is absolutely not advised to run a system service as root and then drop its privileges to the special user nobody.
The package now adds a new user (icecast) and runs the service as that. I will also update the wiki.