Task #6952

open

ppa: run as a non-root user

Added by Jason Ish 12 months ago. Updated 26 days ago.

Status:
In Progress
Priority:
High

Description

Like the RPM, which uses run-as.


Related issues 2 (2 open, 0 closed)

Related to Suricata - Feature #6936: landlock: enable by default (New, OISF Dev)
Blocks Suricata - Story #7160: deployment: improve secure deployment (New, Victor Julien)
Actions #1

Updated by Jason Ish 12 months ago

Actions #2

Updated by Jason Ish 12 months ago

  • Subject changed from packaging: run as a non-root user to ppa: run as a non-root user
Actions #3

Updated by Jason Ish 12 months ago

  • Target version changed from TBD to Packaging/PPA
Actions #4

Updated by Victor Julien 12 months ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Peter Manev
  • Priority changed from Normal to High

One question is: when should we do this? Seems risky to do it in a patch release?

Actions #5

Updated by Jason Ish 12 months ago

Victor Julien wrote in #note-4:

One question is: when should we do this? Seems risky to do it in a patch release?

Yes, it can be risky. You'd have to get all the chmod's and chown's right in the upgrade script. Would still need to do that when upgrading to a new major release, just breakage is a little more acceptable at a major version. I think making it a goal for 8.0 would be good.

Actions #6

Updated by Victor Julien 9 months ago

  • Blocks Story #7160: deployment: improve secure deployment added
Actions #7

Updated by Peter Manev 26 days ago · Edited

For Suricata 8 implement:

  • run as user
  • systemd

note: make sure ownership is covered too.

Actions #8

Updated by Peter Manev 26 days ago

  • Status changed from Assigned to In Progress