Project

General

Profile

Actions
Copy link

Task #6952

open

ppa: run as a non-root user

Added by Jason Ish 12 months ago. Updated 26 days ago.

Status:
In Progress
Priority:
High
Assignee:
Peter Manev
Target version:
Packaging/PPA
Effort:
Difficulty:
Label:

Description

Like the RPM, which uses run-as.

Related issues 2 (2 open0 closed)

Related to Suricata - Feature #6936: landlock: enable by defaultNewOISF DevActions
Blocks Suricata - Story #7160: deployment: improve secure deploymentNewVictor JulienActions
Actions
Copy link
 #1

Updated by Jason Ish 12 months ago

Actions
Copy link
 #2

Updated by Jason Ish 12 months ago

  • Subject changed from packaging: run as a non-root user to ppa: run as a non-root user
Actions
Copy link
 #3

Updated by Jason Ish 12 months ago

  • Target version changed from TBD to Packaging/PPA
Actions
Copy link
 #4

Updated by Victor Julien 12 months ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Peter Manev
  • Priority changed from Normal to High

One question is: when should we do this? Seems risky to do it in a patch release?

Actions
Copy link
 #5

Updated by Jason Ish 12 months ago

Victor Julien wrote in #note-4:

One question is: when should we do this? Seems risky to do it in a patch release?

Yes, it can be risky. You'd have to get all the chmod's and chown's right in the upgrade script. Would still need to do that when upgrading to a new major release, just breakage is a little more acceptable at a major version. I think making it a goal for 8.0 would be good.

Actions
Copy link
 #6

Updated by Victor Julien 9 months ago

  • Blocks Story #7160: deployment: improve secure deployment added
Actions
Copy link
 #7

Updated by Peter Manev 26 days ago ยท Edited

For Suricata 8 implement:

  • run as user
  • systemd

note: make sure ownership is covered too.

Actions
Copy link
 #8

Updated by Peter Manev 26 days ago

  • Status changed from Assigned to In Progress
Actions
Copy link

Also available in: Atom PDF