akscramHi, how can I run the job under special user and group?14:56
JanC_akscram: use 'su'15:06
=== JanC_ is now known as JanC
akscramJanC: 10x, but for user without shell I must run su with -s option but it is potential security risk15:23
akscraminterest question is why upstart natively not support optional execution jobs under non-privileged users15:26
wraidenbecause most of the services out there are capable of dropping priviledges and no one stepped up to implement a user change? sysv init even doesn't support this by it self...15:28
wraidenwould be a huge can of worms to implement that. one needs to pull in pam if one want to support environmental updates on user change...15:30
akscramI no try compare SysV and upstart but this problem is important15:30
wraidenwrit a sh script for it and include that in your job config15:32
JanCakscram: what exactly would be the security risk?15:32
akscramJanC: service potential have vulnerabilities and attacker can have user with shell to run some operation15:46
JanCif the service has vulnerabilities, doesn't that already pose the same problem?15:48
akscramwraiden: interesting but it is no solution give the user to decide the problem itself15:51
akscramyes I wrote script..end script becouse I haven't other solutions15:52
akscramJanC: I say potentialy but all known problems are fixed in the service15:56
JanCwhat I mean is: _when_ there is a security problem in a service, then it doesn't really matter whether you use su or something else...?15:57
akscramJanC: exactly but in breaking case attacker have more possibilities in one case16:09
JanCI don't see exactly what extra possibilities that would give, but maybe I'm looking over it...16:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!