phabricator - don't run as root
Closed, ResolvedPublic

Description

I noticed the phabricator processes (TaskMasterDaemon etc) are running as root when looking at something else.

I was thinking we probably want to add a proper system user via puppet and then make it run as that instead as long as there is no specific reason for the current setup.

Dzahn created this task.Dec 9 2014, 12:26 PM
Dzahn updated the task description. (Show Details)
Dzahn raised the priority of this task from to Needs Triage.
Dzahn changed Security from none to Software security bug.
Dzahn added a subscriber: Dzahn.
Restricted Application changed the visibility from "Public (No Login Required)" to "Custom Policy". · View Herald TranscriptDec 9 2014, 12:26 PM
Restricted Application changed the edit policy from "All Users" to "Custom Policy". · View Herald Transcript
Restricted Application added a project: Security. · View Herald Transcript
Restricted Application changed the visibility from "Custom Policy" to "Custom Policy". · View Herald TranscriptDec 9 2014, 12:28 PM
Restricted Application changed the edit policy from "Custom Policy" to "Custom Policy". · View Herald Transcript

AFAIK PhD is set to run as PhD user so maybe an update mixed thing up or something.

Restricted Application changed the visibility from "Custom Policy" to "Custom Policy". · View Herald TranscriptDec 9 2014, 3:29 PM
Restricted Application changed the edit policy from "Custom Policy" to "Custom Policy". · View Herald Transcript
chasemp closed this task as Resolved.Jan 14 2015, 4:45 PM
chasemp claimed this task.

Turns out there was some unexpected behavior here, but it was addressed in this latest update.

ps -ef | grep phd

phd      21190     1  0 15:20 pts/1    00:00:25 php ./phd-daemon PhabricatorRepositoryPullLocalDaemon --daemonize --log=/var/log/phd/daemons.log --phd=/var/run/phd/pid

So can this be made public now?

So can this be made public now?

Sure

chasemp changed the visibility from "Custom Policy" to "Public (No Login Required)".Jan 15 2015, 5:58 PM
chasemp changed the edit policy from "Custom Policy" to "All Users".
chasemp changed Security from Software security bug to None.