Page MenuHomePhabricator

Make ircecho run as its own user
Closed, ResolvedPublic

Description

Currently, it runs as 'nobody', so files it needs to read have to be publicly accessibly.

Running it under an 'ircecho' user would make it possible to just add it to a group that already has permissions to read said file.

Event Timeline

yuvipanda raised the priority of this task from to Needs Triage.
yuvipanda updated the task description. (Show Details)
yuvipanda added a project: acl*sre-team.
yuvipanda changed Security from none to None.
yuvipanda subscribed.

Change 176333 had a related patch set uploaded (by Yuvipanda):
Make ircecho run as ircecho user

https://gerrit.wikimedia.org/r/176333

Patch-For-Review

fgiunchedi triaged this task as Low priority.
fgiunchedi subscribed.

Change 176333 abandoned by Yuvipanda:
Make ircecho run as ircecho user

Reason:
no more ircecho deb

https://gerrit.wikimedia.org/r/176333

So if this is not in a deb anymore what does that mean for the user it runs as?

jbond claimed this task.
jbond subscribed.

closing as ircecho s ran as the irc user

$ systemctl cat ircecho.service | grep User                                                                  
User=irc