Your message dated Mon, 26 Dec 2011 05:19:23 -0600
with message-id <[email protected]>
and subject line Re: git-daemon-run still runs as root in Lenny
has caused the Debian Bug report #494991,
regarding git-daemon-run should run git-daemon as a non-privileged user
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
494991: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494991
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: git-daemon-run
Severity: wishlist
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
It looks to me like git-daemon-run creates a listening service running
git-daemon as the superuser.
I've set up similar runit-supervised git-daemon instances that operate
as a non-privileged user and they work fine (at least for
publication). Using a non-privileged user seems like a more secure
approach.
Is there a specific reason to have git-daemon-run launch git-daemon as
root? If the package creates the gitlog user, why not also create
git-data (by analogy with www-data) or something similar, and launch
the service that way?
Or am i misunderstanding git-daemon-run somehow?
Regards,
--dkg
- -- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIVAwUBSKMSGMzS7ZTSFznpAQKMzBAAl5YhONh8g7cAwxdfvvFyCB7av3/abpcF
O7LfWtWJkwORo7E3UuA0g8BJGqUwvIE2bbRZaKfdeK8MuACk3qd2GKLLzgYbkoPC
hgav7p6nx7T4QcfFbeT8B6x0IsocdeXZIVicJOfgXpgrrRcfauWsCV0FojCu9Xy9
e6ELgg+w26dUwCl5/RD1DUiOUy1zFm36LUve1h4drCZsmRyM0F/ycuo5N832E8PB
Ft+BKAvjsBvGURWZnQU+HrCSC6IXXmQV2Ei3Jjg/kVElJSZvTB4SCmYR/X5+YAN1
bPRN+Ws0/MWrSYjLgrCU0GeoQo/RbkDBCZ+Q50yaTl6A2A5L2GDBQT3ORVIPpQfm
P7jKvhjD/3nvdA75YcB+41N8773uNbD6eK6Q8GmUvmGFPnPoLP2jG/KcttVIqz8M
IebNOcSPHjzjVOwOrnCFulXfPeN2Z9nam3dy6uL8w/oR/TPAqKWwplgofTKB9brA
8jBQs7QwC8qWjNQ+aETdX1KRc3CfJ9vj9X9nnjlowFkbYLAdf5pcPgP1/PMWqLBh
jLsoGN9p7v6Logs1IVvF/alcjX02qK6+YEd+ULPjUb0aHRbh4vUqVocp5OSC2L0o
3H40nWUKW31rBAsSxIRA57isRJsepvaWl6eaZXygIg4yBAqUpXdxGYpFq77P8UYd
eplGwdWKfvY=
=FJE6
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Ansgar Burchardt wrote:
> This bug is still present in Lenny. I think it would be nice to have
> git-daemon run as a non-privileged user there as well.
Too invasive. Closing but leaving this marked as fixed in squeeze to
reflect the current status.
Thanks,
Jonathan
--- End Message ---
