Bug#770417: calendarserver: please do not run as root

Thu, 20 Nov 2014 20:15:40 -0800 

Package: calendarserver
Version: 5.2.2+dfsg-2
Severity: important

At least the current version of caldavd does not need to run as root. Please 
give it `-u caldavd -g caldavd` by default in the initscript.

As a workaround, I can set this in DAEMON_OPTS in /etc/default/calendarserver.

This also means I don't have to screw around with pg_ident.conf when using peer 
authentication (as instructed in README.Debian), since the entire process runs 
as caldavd and never as root in the first place.

The log says

[-] /usr/lib/python2.7/dist-packages/twisted/python/util.py:753: 
exceptions.UserWarning: tried to drop privileges and setuid 135 but uid is 
already 135; should we be root? Continuing.

but this is just a warning; nothing bad has happened yet.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages calendarserver depends on:
ii  adduser                3.113+nmu3
ii  libc6                  2.19-13
ii  lsb-base               4.1+Debian13+nmu1
ii  memcached              1.4.21-1
ii  python                 2.7.8-2
ii  python-cffi            0.8.6-1
ii  python-crypto          2.6.1-5+b2
ii  python-dateutil        2.2-2
ii  python-kerberos        1.1.5-0.1
ii  python-ldap            2.4.10-1
ii  python-nevow           0.11.1-1
ii  python-openssl         0.14-1
ii  python-psutil          2.1.1-1+b1
ii  python-pycalendar      2.0~svn13177-1
ii  python-pycparser       2.10+dfsg-3
ii  python-pygresql        1:4.0-3.1
ii  python-setproctitle    1.1.8-1
ii  python-sqlparse        0.1.13-2
ii  python-twisted-conch   1:14.0.2-2
ii  python-twisted-core    14.0.2-2
ii  python-twisted-mail    14.0.2-2
ii  python-twisted-web     14.0.2-2
ii  python-twisted-words   14.0.2-2
ii  python-xattr           0.6.4-3
ii  python-zope.interface  4.1.1-2
ii  ssl-cert               1.0.35

Versions of packages calendarserver recommends:
ii  python-pam  0.4.2-13.1

Versions of packages calendarserver suggests:
pn  pyflakes         <none>
pn  python-epydoc    <none>
ii  python-pyasn1    0.1.7-1
pn  python-pydoctor  <none>
ii  python-tz        2012c+dfsg-0.1

-- Configuration Files:
/etc/caldavd/caldavd.plist changed [not included]
/etc/default/calendarserver changed [not included]

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to