| View Issue Details |
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0001326 | Sphinx | general | public | 2012-10-19 04:29 | 2017-01-22 19:11 |
| Reporter | danblack |
| Assigned To | shodan |
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | assigned | Resolution | open |
| Product Version | 2.0.5-release |
| Target Version | 2.2.9-dev | Fixed in Version | |
| Summary | 0001326: packages run searchd service as root |
| Description | Running a full service like searchd as root when it doesn't need those privs is unnecessary. |
| Steps To Reproduce | Download the Ubuntu or Debian package from http://sphinxsearch.com/downloads/release/ and install. ps -ef | fgrep searchd: it's running as root. |
| Additional Information | Tested these with Debian 6.0.5 Squeeze x86_64 and Ubuntu 10.04 LTS i386 DEB

Debian upstream is also running as a separate user (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656326)

Redhat changes probably also desirable.

General: debian and ubuntu package should:

    adduser --system sphinxsearch --home /var/lib/sphinxsearch --no-create-home --shell /bin/sh
    mkdir /var/run/sphinxsearch
    chown -R sphinxsearch:root /var/run/sphinxsearch /var/lib/sphinxsearch /var/log/sphinxsearch /etc/sphinxsearch

Ubuntu upstart (tested on lucid): in /etc/init/sphinxsearch.conf replace exec:

    exec su sphinxsearch -c '/usr/bin/searchd --nodetach'

if using a release after lucid ubuntu upstart use instead

    setuid sphinxsearch

at end of prescript add:

    mkdir -p /var/run/sphinxsearch
    chown sphinxsearch /var/run/sphinxsearch

Debian Initscript differences:
--- /etc/init.d/sphinxsearch.orig 2012-10-18 23:53:20.000000000 +0000 +++ /etc/init.d/sphinxsearch 2012-10-19 02:24:07.000000000 +0000 @@ -27,7 +27,7 @@ test -x $DAEMON || exit 0 LOGDIR=/var/log/sphinxsearch -PIDFILE=/var/run/searchd.pid +PIDFILE=/var/run/sphinxsearch/searchd.pid DODTIME=1 # Time to wait for the server to die, in seconds # If this value is set too low you might not # let some servers to die gracefully and @@ -102,11 +102,18 @@ echo "A template is provided as /etc/sphinxsearch/sphinx.conf.sample." exit 1 fi + # piddir=${PIDFILE%[^/]*} + piddir=`dirname $PIDFILE` + + if [ ! -d $piddir ]; then + mkdir -p $piddir + chown sphinxsearch $piddir + fi - start-stop-daemon --start --pidfile $PIDFILE --exec ${DAEMON} + start-stop-daemon --start --pidfile $PIDFILE --chuid sphinxsearch --exec ${DAEMON} } do_stop() { - start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE \ + start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --user sphinxsearch \ --exec $DAEMON } |
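
Review bot: In the first hunk (@@ -27,7 +27,7 @@), PIDFILE now points at /var/run/sphinxsearch/searchd.pid, but nothing in the patch changes where searchd itself writes its pid file. That path comes from the pid_file setting in sphinx.conf, so the packaged config needs the same change in the same release; otherwise start-stop-daemon --pidfile checks a file the daemon never creates and do_stop finds nothing to signal.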
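
Review bot: In the second hunk (@@ -102,11 +102,18 @@), do_stop combines --oknodo with the new --user sphinxsearch, so on upgrade a searchd that the old script started as root does not match, the stop reports success, and the root-owned daemon keeps running. Stop the old instance without the --user filter in the upgrade path, or fail loudly when the process belongs to another user. In do_start, the chown only runs when the directory is missing, so a pre-existing root-owned $piddir is never corrected; run the chown unconditionally and quote "$PIDFILE" and "$piddir". The commented-out piddir=${PIDFILE%[^/]*} line should be dropped: that expansion strips only the final character of the path, not the file name.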
Notes

(0003436) danblack (reporter) 2012-11-01 08:05
Also with packaging: add a logrotate.d file like /etc/logrotate.d/sphinxsearch with contents:

    /var/log/sphinxsearch/*.log {
        daily
        missingok
        rotate 7
        compress
        notifempty
    }

(0004988) Grinnz (reporter) 2013-11-25 20:38
RHEL/CentOS packages correctly run searchd as user 'sphinx' and include /etc/logrotate.d/sphinx. Do Debian/Ubuntu packages still have this issue?

(0004989) pQd (reporter) 2013-11-25 20:40 edited on: 2013-11-25 20:40
Yes - at least sphinxsearch_2.2.1-beta-1~wheezy_amd64.deb for Debian runs searchd as root by default.

(0005959) ffauvel (reporter) 2014-11-12 00:06
Debian has fixed this bug since 2012 in their .deb; could it be replicated in the .deb file provided on sphinxsearch.com? /var/run/sphinxsearch is still nonexistent if the server is rebooted; it must be recreated in the init.d script like they do in the official Debian deb file.

(0006030) danblack (reporter) 2014-12-03 06:54
http://ftp.de.debian.org/debian/pool/main/s/sphinxsearch/sphinxsearch_2.2.5-1.debian.tar.xz for patches
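
A post-install check for the two conditions raised in this issue and its notes (searchd running as root, and the pid directory missing after a reboot), as an added example that is not code from the Sphinx or Debian packages. The function names, the ps sample and uid 107 are constructed for illustration; the user name and directory in the usage note are the ones proposed in the report.

```shell
#!/bin/sh
# Added example, not part of the Sphinx or Debian packaging.

# Constructed sample in `ps -eo uid=,pid=,args=` format; uid 107 stands in
# for the sphinxsearch account proposed in the report.
SAMPLE_PS='    0   812 /usr/bin/searchd --config /etc/sphinxsearch/sphinx.conf
  107   990 /usr/bin/searchd --nodetach
    0  1201 grep searchd
   33  1300 /usr/sbin/apache2 -k start'

# Print the PID of every searchd process whose uid differs from $1.
# Numeric uids are compared because procps truncates long names such as
# "sphinxsearch" in the USER column; matching the executable basename keeps
# "grep searchd" out of the result, unlike a plain fgrep.
searchd_wrong_uid() {
    awk -v want="$1" '
        { n = split($3, part, "/") }
        part[n] == "searchd" && $1 != want { print $2 }
    '
}

# Succeed only if directory $1 exists, belongs to user $2 and is not
# world-writable. /var/run is often a tmpfs, so "missing" is the expected
# failure after a reboot when the init script does not recreate it.
piddir_ok() {
    dir=$1 owner=$2
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 1; }
    [ -n "$(find "$dir" -prune -user "$owner" 2>/dev/null)" ] ||
        { echo "not owned by $owner: $dir" >&2; return 1; }
    [ -z "$(find "$dir" -prune -perm -0002)" ] ||
        { echo "world-writable: $dir" >&2; return 1; }
}

# Demo on the constructed sample: prints 812, the root-owned searchd.
printf '%s\n' "$SAMPLE_PS" | searchd_wrong_uid 107
```

On a live host, feed it `ps -eo uid=,pid=,args= | searchd_wrong_uid "$(id -u sphinxsearch)"` and run `piddir_ok /var/run/sphinxsearch sphinxsearch`.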

Issue History

| Date Modified | Username | Field | Change |
| --- | --- | --- | --- |
| 2012-10-19 04:29 | danblack | New Issue | |
| 2012-10-26 10:52 | kevg | Assigned To | => Yukron |
| 2012-10-26 10:52 | kevg | Status | new => assigned |
| 2012-11-01 08:05 | danblack | Note Added: 0003436 | |
| 2013-11-25 10:07 | pQd | Issue Monitored: pQd | |
| 2013-11-25 20:38 | Grinnz | Note Added: 0004988 | |
| 2013-11-25 20:40 | pQd | Note Added: 0004989 | |
| 2013-11-25 20:40 | pQd | Note Edited: 0004989 | |
| 2014-11-11 23:59 | ffauvel | Issue Monitored: ffauvel | |
| 2014-11-12 00:06 | ffauvel | Note Added: 0005959 | |
| 2014-12-03 06:54 | danblack | Note Added: 0006030 | |
| 2015-04-14 12:31 | Yukron | Status | assigned => confirmed |
| 2015-04-14 12:31 | Yukron | Target Version | => 2.2.9-dev |
| 2016-01-23 17:00 | cgrote | Issue Monitored: cgrote | |
| 2016-01-23 17:01 | cgrote | Issue End Monitor: cgrote | |
| 2017-01-22 19:11 | Yukron | Assigned To | Yukron => shodan |
| 2017-01-22 19:11 | Yukron | Status | confirmed => assigned |