On 25/05/2016 12:50, Christophe-Marie Duquesne wrote:
> I am trying to write a runit script that would require a passphrase
> when starting. This passphrase must not exist in clear on the
> filesystem, and it would require user interaction.

 This is not easy to do properly. Supervised services are usually run with
a safe, minimal environment. Typically, with runit, services have their
stdin, stdout and stderr pointing to /dev/console - a design I do not
agree with: it should be /dev/null by default, and /dev/console should only
be used for emergency logging and never for input.

 If you need user interaction in a service, you will have to create the way
for the user to interact. /dev/console, as any shared resource, is
dangerous because other programs could grab it and you may end up not
reading the proper input.
 If you have X running by the time your service is launched, the ideal
mechanism is one similar to ssh-askpass: you'd give the DISPLAY environment
variable to your service, which would get its user input via an ad-hoc
window on the specified display.
 If you don't, then it may be desirable to create a terminal (for instance
in a Linux virtual console) and use it to get user input.

 Interactive supervised services are generally not a good idea. If they
die, they cannot be respawned without user action, which goes against the
principle of supervision. If you need authentication, please consider
something similar to ssh-agent, which asks for interactive input once and
provides noninteractive authentication afterwards.

--
 Laurent
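
The reply advises creating a dedicated input channel instead of reading from the shared /dev/console. The sketch below is an added example, not part of the original message: it uses a private FIFO as that channel, which is a choice made here and not one the reply names. The path `/run/myservice`, the daemon `mydaemon` (assumed to read its passphrase from stdin), the `SERVICE_MAIN` switch and the function names are all assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): hand a passphrase to a runit service
# through a private FIFO instead of the shared /dev/console.

# Create an owner-only directory and FIFO; print the FIFO path.
# The body is a subshell so the umask change does not leak to the caller.
make_channel() (
    dir=$1
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    [ -O "$dir" ] || exit 1          # refuse a directory owned by someone else
    fifo=$dir/passphrase.fifo
    rm -f "$fifo"                    # drop a stale node left by a previous run
    mkfifo -m 600 "$fifo" || exit 1
    printf '%s\n' "$fifo"
)

# Run "$@" with stdin attached to the FIFO. Opening the FIFO blocks until a
# writer connects, so the passphrase goes straight to the command's stdin and
# never into a regular file, the environment or an argument list.
start_with_channel() {
    fifo=$1
    shift
    [ -p "$fifo" ] || return 1
    "$@" < "$fifo"
}

# Body of ./run, enabled by setting SERVICE_MAIN=1 (hypothetical switch).
# exec keeps the daemon itself as the process runsv supervises.
if [ "${SERVICE_MAIN:-}" = 1 ]; then
    fifo=$(make_channel /run/myservice) || exit 1
    exec mydaemon < "$fifo"          # mydaemon: hypothetical, reads stdin
fi

# Operator side, typed as the FIFO's owner (echo off while typing):
#   ( stty -echo; IFS= read -r p; stty echo; printf '%s\n' "$p" ) \
#       > /run/myservice/passphrase.fifo
```

If the daemon dies, the respawned run script blocks on the FIFO again until someone writes to it, which is the supervision drawback the reply describes.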
