Bug#806901: citadel: Runs as root but shouldn't

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Bug#806901: citadel: Runs as root but shouldn't

John Goerzen-3
Source: citadel
Version: 9.01-1+b1
Severity: important
Tags: security patch

Hi,

This server runs as root by default, but shouldn't.  It spews warnings
over the console about it.  The culprit is likely this line, which is
present in upstream's postinst but missing in ours:

       export CITADEL_UID=`grep ^citadel: /etc/passwd | cut -d :  -f 3`

(They have it right after export CITADEL_INSTALLER=yes)

The log message is:

Dec 01 21:54:59 citadel citserver[480]: citadel should not be configured
to run as root! Check the value of c_ctdluid


-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)