Create Task
Maniphest T77976

phabricator - don't run as root
Closed, ResolvedPublic
Actions

Description

I noticed the phabricator processes (TaskMasterDaemon etc) are running as root when looking at something else.

I was thinking we probably want to add a proper system user via puppet and then make it run as that instead as long as there is no specific reason for the current setup.

Related Objects
Search...

Dzahn created this task.Dec 9 2014, 12:26 PM
Dzahn updated the task description. (Show Details)
Dzahn raised the priority of this task from to Needs Triage.
Dzahn changed Security from none to Software security bug.
Dzahn added a subscriber: Dzahn.
Restricted Application changed the visibility from "Public (No Login Required)" to "Custom Policy". · View Herald TranscriptDec 9 2014, 12:26 PM
Restricted Application changed the edit policy from "All Users" to "Custom Policy". · View Herald Transcript
Restricted Application added a project: Security. · View Herald Transcript
Restricted Application changed the visibility from "Custom Policy" to "Custom Policy". · View Herald TranscriptDec 9 2014, 12:28 PM
Restricted Application changed the edit policy from "Custom Policy" to "Custom Policy". · View Herald Transcript
chasemp added a comment.Dec 9 2014, 3:29 PM

AFAIK PhD is set to run as PhD user so maybe an update mixed thing up or something.

Restricted Application changed the visibility from "Custom Policy" to "Custom Policy". · View Herald TranscriptDec 9 2014, 3:29 PM
Restricted Application changed the edit policy from "Custom Policy" to "Custom Policy". · View Herald Transcript
chasemp closed this task as Resolved.Jan 14 2015, 4:45 PM
chasemp claimed this task.

Turns out there was some unexpected behavior here, but it was addressed in this latest update.

ps -ef | grep phd

phd      21190     1  0 15:20 pts/1    00:00:25 php ./phd-daemon PhabricatorRepositoryPullLocalDaemon --daemonize --log=/var/log/phd/daemons.log --phd=/var/run/phd/pid
Krenair added a subscriber: Krenair.Jan 15 2015, 5:46 PM

So can this be made public now?

chasemp added a comment.Jan 15 2015, 5:57 PM
In T77976#979888, @Krenair wrote:

So can this be made public now?

Sure

chasemp changed the visibility from "Custom Policy" to "Public (No Login Required)".Jan 15 2015, 5:58 PM
chasemp changed the edit policy from "Custom Policy" to "All Users".
chasemp changed Security from Software security bug to None.
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL