ttorcz pushed to uptimed (master). "switch to running as 'daemon' user"
notifications at fedoraproject.org
notifications at fedoraproject.org
Wed May 13 14:14:36 UTC 2015
From db6ebdd68d6bce1c3a02409a3ac35b2f462b57ca Mon Sep 17 00:00:00 2001
From: Tomasz Torcz <tomek at pipebreaker.pl>
Date: Wed, 13 May 2015 16:14:15 +0200
Subject: switch to running as 'daemon' user
diff --git a/uptimed-0001-systemd-unit-run-as-daemon-user-not-root.patch b/uptimed-0001-systemd-unit-run-as-daemon-user-not-root.patch
new file mode 100644
index 0000000..8e3d43c
--- /dev/null
+++ b/uptimed-0001-systemd-unit-run-as-daemon-user-not-root.patch
@@ -0,0 +1,43 @@
+From 2ba2f22b91c064851a0b824402dec200771357a8 Mon Sep 17 00:00:00 2001
+From: Tomasz Torcz <tomek at pipebreaker.pl>
+Date: Wed, 13 May 2015 14:09:44 +0200
+Subject: [PATCH] systemd unit: run as 'daemon' user, not root
+
+ Debian has been running uptimed as 'daemon' for three years now.
+Root permissions are unneccessary. Packagers should ensure that
+/var/spool/uptimed is chown'ed on upgrade.
+---
+ ChangeLog | 7 +++++++
+ etc/uptimed.service.in | 1 +
+ 2 files changed, 8 insertions(+)
+
+diff --git a/ChangeLog b/ChangeLog
+index 0452ee3..278df5a 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,10 @@
++0.4.
++-----
++
++- systemd unit: run as 'daemon' user, not root;
++ packagers should make sure to chown /var/spool/uptimed/
++ on update
++
+ 0.4.0
+ -----
+
+diff --git a/etc/uptimed.service.in b/etc/uptimed.service.in
+index 780420f..8ebd032 100644
+--- a/etc/uptimed.service.in
++++ b/etc/uptimed.service.in
+@@ -6,6 +6,7 @@ Documentation=man:uptimed(8) man:uprecords(1)
+ Type=notify
+ ExecStart=@prefix@/sbin/uptimed -f
+ Restart=on-failure
++User=daemon
+
+ [Install]
+ WantedBy=multi-user.target
+--
+2.1.0
+
diff --git a/uptimed.spec b/uptimed.spec
index 2487d9b..539ba25 100644
--- a/uptimed.spec
+++ b/uptimed.spec
@@ -2,11 +2,13 @@
Summary: A daemon to record and keep track of system up times
Name: uptimed
Version: 0.4.0
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2
Group: System Environment/Daemons
URL: http://podgorny.cz/moin/Uptimed
Source0: https://github.com/rpodgorny/%{name}/archive/v%{version}.tar.gz
+# https://github.com/rpodgorny/uptimed/pull/6
+Patch0: uptimed-0001-systemd-unit-run-as-daemon-user-not-root.patch
BuildRequires: systemd-units
BuildRequires: autoconf, automake, libtool
Requires(post): systemd-units
@@ -35,6 +37,7 @@ Development header and library for uptimed.
# remove bundled getopt
rm -rf src/getopt.[ch]
sed --in-place -e 's/AC_REPLACE_FUNCS(getopt)//' configure.ac
+%patch0 -p1
%build
./autogen.sh
@@ -68,6 +71,9 @@ mkdir -p %{buildroot}%{_localstatedir}/spool/uptimed
%preun
%systemd_preun %{name}.service
+%triggerun -- uptimed < 0.4.0-2
+chown -R daemon:daemon %{_localstatedir}/spool/uptimed
+
%files
%defattr(-,root,root,-)
%doc AUTHORS CREDITS ChangeLog INSTALL.cgi INSTALL.upgrade README.md README.unsupported TODO sample-cgi/
@@ -78,7 +84,7 @@ mkdir -p %{buildroot}%{_localstatedir}/spool/uptimed
%{_mandir}/*/*
%{_libdir}/libuptimed.so.*
%{_unitdir}/uptimed.service
-%dir %{_localstatedir}/spool/uptimed
+%dir %attr(-,daemon,daemon) %{_localstatedir}/spool/uptimed
%files devel
%defattr(-,root,root,-)
@@ -86,6 +92,9 @@ mkdir -p %{buildroot}%{_localstatedir}/spool/uptimed
%{_includedir}/uptimed.h
%changelog
+* Wed May 13 2015 Tomasz Torcz <ttorcz at fedoraproject.org> - 0.4.0-2
+- switch to running as 'daemon' user
+
* Wed Apr 29 2015 Tomasz Torcz <ttorcz at fedoraproject.org> - 0.4.0-1
- new upstream release
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/uptimed.git/commit/?h=master&id=db6ebdd68d6bce1c3a02409a3ac35b2f462b57ca
More information about the scm-commits
mailing list