Page MenuHomePhabricator
Create Task
Maniphest T77976

phabricator - don't run as root
Closed, ResolvedPublic
Actions

Description

I noticed the phabricator processes (TaskMasterDaemon etc) are running as root when looking at something else.

I was thinking we probably want to add a proper system user via puppet and then make it run as that instead as long as there is no specific reason for the current setup.

Related Objects
Search...

View Standalone Graph
This task is connected to more than 200 other tasks. Only direct parents and subtasks are shown here. Use View Standalone Graph to show more of the graph.
StatusSubtypeAssignedTask
· · ·
Resolved chasempT78243 Phabricator upgrade on 2015-01-14
Resolved chasempT77976 phabricator - don't run as root
· · ·

Event Timeline

Dzahn created this task.Dec 9 2014, 12:26 PM
Dzahn raised the priority of this task from to Needs Triage.
Dzahn updated the task description. (Show Details)
Dzahn changed Security from none to Software security bug.
Dzahn added a subscriber: Dzahn.
Restricted Application changed the visibility from "Public (No Login Required)" to "Custom Policy". · View Herald TranscriptDec 9 2014, 12:26 PM
Restricted Application changed the edit policy from "All Users" to "Custom Policy". · View Herald Transcript
Restricted Application added a project: acl*security. · View Herald Transcript
Aklapper added a subscriber: chasemp.Dec 9 2014, 12:28 PM
Restricted Application changed the visibility from "Custom Policy" to "Custom Policy". · View Herald TranscriptDec 9 2014, 12:28 PM
Restricted Application changed the edit policy from "Custom Policy" to "Custom Policy". · View Herald Transcript
chasemp added a comment.Dec 9 2014, 3:29 PM

AFAIK PhD is set to run as PhD user so maybe an update mixed thing up or something.

Restricted Application changed the visibility from "Custom Policy" to "Custom Policy". · View Herald TranscriptDec 9 2014, 3:29 PM
Restricted Application changed the edit policy from "Custom Policy" to "Custom Policy". · View Herald Transcript
chasemp closed this task as Resolved.Jan 14 2015, 4:45 PM
chasemp claimed this task.

Turns out there was some unexpected behavior here, but it was addressed in this latest update.

ps -ef | grep phd

phd      21190     1  0 15:20 pts/1    00:00:25 php ./phd-daemon PhabricatorRepositoryPullLocalDaemon --daemonize --log=/var/log/phd/daemons.log --phd=/var/run/phd/pid
Aklapper added a parent task: T78243: Phabricator upgrade on 2015-01-14.Jan 14 2015, 6:04 PM
Krenair added a subscriber: Krenair.Jan 15 2015, 5:46 PM

So can this be made public now?

chasemp added a comment.Jan 15 2015, 5:57 PM
In T77976#979888, @Krenair wrote:

So can this be made public now?

Sure

chasemp changed the visibility from "Custom Policy" to "Public (No Login Required)".Jan 15 2015, 5:58 PM
chasemp changed the edit policy from "Custom Policy" to "All Users".
chasemp changed Security from Software security bug to None.
Krenair added a project: Phabricator.Jan 15 2015, 5:58 PM
Negative24 mentioned this in T93477: Phabricator's phd can't sudo to user phd.Mar 21 2015, 5:31 PM
chasemp added a project: Security.Feb 10 2020, 10:53 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:14 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL