Project

General

Profile

Actions

Task #6952

open

ppa: run as a non-root user

Added by Jason Ish 7 months ago. Updated 7 months ago.

Status:
Assigned
Priority:
High
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Like the RPM, which uses run-as.


Related issues 2 (2 open0 closed)

Related to Suricata - Feature #6936: landlock: enable by defaultNewOISF DevActions
Blocks Suricata - Story #7160: deployment: improve secure deploymentNewVictor JulienActions
Actions #1

Updated by Jason Ish 7 months ago

Actions #2

Updated by Jason Ish 7 months ago

  • Subject changed from packaging: run as a non-root user to ppa: run as a non-root user
Actions #3

Updated by Jason Ish 7 months ago

  • Target version changed from TBD to Packaging/PPA
Actions #4

Updated by Victor Julien 7 months ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Peter Manev
  • Priority changed from Normal to High

One question is: when should we do this? Seems risky to do it in a patch release?

Actions #5

Updated by Jason Ish 7 months ago

Victor Julien wrote in #note-4:

One question is: when should we do this? Seems risky to do it in a patch release?

Yes, it can be risky. You'd have to get all the chmod's and chown's right in the upgrade script. Would still need to do that when upgrading to a new major release, just breakage is a little more acceptable at a major version. I think making it a goal for 8.0 would be good.

Actions #6

Updated by Victor Julien 4 months ago

  • Blocks Story #7160: deployment: improve secure deployment added
Actions

Also available in: Atom PDF