does tuptime need root?
Closed this issue · 7 comments
it looks like tuptime runs as root all the time... is that really necessary?
couldn't it be running as a dedicated user?
It's not neccesary, I picked up root for avoid than the other users modified the data base file.
Do you consider right the creation of an user "tuptime"? There is no problem.
we could create a tuptime user, of course, in the debian package. this is fairly standard procedure.
i just wonder what would happen if a regular user would run tuptime without write access to the database - won't sqlite try to lock it and fail?
That scenario is covered, only the user that have write permission can upload the database registers, any other unprivileged user can only read it, but both will have the same values.
For example, if tuptime was installed with root and you run it with a normal user enabling verbose mode, these two lines are printed:
WARNING values not saved into db - Test file permissions
WARNING attempt to write a readonly database
But, the values are updated internally in python execution without writing anyting. The only exception is the first execution after a startup. In that case, if you do the same, the message is:
ERROR After system restart, the values must be saved into db. Please, execute tuptime with a privileged user.
But it is a uncommon case, because if the init manager execute it, any user fall in the example case at the top.
right, okay. i will let you do a release then will work on creating a user in the debian package.
you can also do it yourself if you wish. i think it should only be a matter of changing the cron job, the service file, and adding/removing a user in the debian/post* scripts. A recent example of this in a debian package i maintain is willie:
https://sources.debian.net/src/willie/5.5.1-1/debian/postrm/#L28
https://sources.debian.net/src/willie/5.5.1-1/debian/postrm/#L28
https://sources.debian.net/src/willie/5.5.1-1/debian/init.d/#L50
note that, in the debian package, you may want to ship the init.d
file properly as well, to support users who do not wish to run systemd, which is still supported in debian...
Off course, let me the time for do it...
no problem, of course. :)
Hi Anarcat,
It's done, please, review it.
Thanks!