View Issue Details

IDProjectCategoryView StatusLast Update
0003053unrealircdpublic2010-08-20 13:11
ReporterStealthAssigned Toohnobinki 
PrioritynormalSeveritytweakReproducibilityN/A
Status resolvedResolutionfixed 
Platform*OS*OS Version*
Product Version3.2.6 
Target VersionFixed in Version3.2.9-RC1 
Summary0003053: Warning when running as root
DescriptionIf Unreal is started as root, I think it would be great to have it print a warning and have the user enter a confirmation. Maybe have the user say it is OK once like X-Chat does.

Such as:

WARNING: Running Unreal as root is bad!
Start anyway? (yes/no):
TagsNo tags attached.
3rd party modules

Relationships

child of 0003776 resolvedsyzop Unreal3.2.9 TODO 

Activities

codemastr

2006-09-04 12:48

reporter   ~0012307

X-Chat is a client program. Unreal is a daemon. A daemon shouldn't ask questions like that. For example, consider having a script that starts Unreal. It will now hang waiting for someone to type "y". I agree, you shouldn't run Unreal as root, but I think this is a bad way to solve the problem. The more questions an IRCd has to ask, the more difficult it is to automate.

Stealth

2006-09-04 14:11

reporter   ~0012308

That's why it only asks once... It can store the yes result in the tune file or smth

pinstrate

2006-09-04 15:47

reporter   ~0012309

I promise I'll write a patch to remove this stuff from the core if it will be added.

Behave like all other ircds - just warn but nothing more!

aquanight

2006-09-04 16:37

reporter   ~0012310

Also there are reasons that it may be necessary for unreal to boot as root, chroot and setuid/setgid to name a few (though this then gets to crazy interactions with /rehash, /restart and such). Also the pedants who want to use the IANA IRC port (194 I think?) that's in the privileged range have to start unreal as root (and setuid probably doesn't work in that case).

Look at most of the other common daemons (syslog, sshd, httpd, ftpd, ntpd, cron, etc). How many of them ask "Are you sure you want to start this daemon as root?" on /dev/console first time you start your system? That would be bad for a headless system.

syzop

2006-09-04 16:57

administrator   ~0012311

Warning? Sure. But not if IRC_UID is defined and > 0.
Prompt or anything else? No.

djGrrr

2006-09-07 21:27

reporter   ~0012348

IANA IRC port (194 I think?) <-- technically you don't need to start as root for that, as you can setup a firewall rule to say, forward port 194 (a virtual forward to the same box) to something higher like 6667.

Most if not all firewall packages for *nix and *bsd support this in some way shape or form, and its actually quite useful in situations like that :)

pinstrate

2006-09-08 01:48

reporter   ~0012359

stupid idea actually..

You flush your fw and everyone is connection reset by peer or ping timeout.

djGrrr

2006-09-08 08:34

reporter   ~0012360

And for what reason would you ever flush your firewall ?
This wouldn't be for someone who doesn't know what they are doing....
If you have it setup correctly, flushing your firewall doesn't disconnect existing connections, it would just deny new connections to the virtual port.

*most* people aren't exactly in the habbit of flushing their firewall if its going to cause disconnections....

syzop

2010-07-14 21:01

administrator   ~0016185

I think we can resurrect this idea again ;)

See my (2006) comment: add a (clear) warning, but don't warn if IRC_UID (or IRC_USER nowadays?) is in use (coz it will setuid...).

2010-08-20 05:53

 

unreal-3053-warn-root.patch (1,584 bytes)

ohnobinki

2010-08-20 05:53

reporter   ~0016290

unreal-3053-warn-root.patch: Warns users if they are starting UnrealIRCd as root and seteuid() is not enabled. Tested with IRC_USER and IRC_GROUP set and unset, seems to work.

syzop

2010-08-20 11:09

administrator   ~0016291

Looks good.
Though, you might want to mention something about setting IRC_USER in include/config.h in the error message.
Basically, give a suggestion of what the user should do: 'Either start the IRCd as another user than root, or properly set IRC_USER in include/config.h'.. something like that...

ohnobinki

2010-08-20 13:11

reporter   ~0016292

OK, the text has been lengthened to include those instructions and committed.

- Warn users against running UnrealIRCd as root without setting IRC_USER. (0003053 reported by Stealth)

Issue History

Date Modified Username Field Change
2006-09-04 11:45 Stealth New Issue
2006-09-04 12:48 codemastr Note Added: 0012307
2006-09-04 14:11 Stealth Note Added: 0012308
2006-09-04 15:47 pinstrate Note Added: 0012309
2006-09-04 16:37 aquanight Note Added: 0012310
2006-09-04 16:57 syzop Note Added: 0012311
2006-09-04 16:57 syzop Status new => acknowledged
2006-09-07 21:27 djGrrr Note Added: 0012348
2006-09-08 01:48 pinstrate Note Added: 0012359
2006-09-08 08:34 djGrrr Note Added: 0012360
2010-07-14 20:59 syzop Relationship added child of 0003776
2010-07-14 21:01 syzop Note Added: 0016185
2010-08-20 05:31 ohnobinki Status acknowledged => assigned
2010-08-20 05:31 ohnobinki Assigned To => ohnobinki
2010-08-20 05:53 ohnobinki File Added: unreal-3053-warn-root.patch
2010-08-20 05:53 ohnobinki Note Added: 0016290
2010-08-20 11:09 syzop Note Added: 0016291
2010-08-20 13:11 ohnobinki QA => Not touched yet by developer
2010-08-20 13:11 ohnobinki U4: Need for upstream patch => No need for upstream InspIRCd patch
2010-08-20 13:11 ohnobinki Note Added: 0016292
2010-08-20 13:11 ohnobinki Status assigned => resolved
2010-08-20 13:11 ohnobinki Fixed in Version => 3.2.9-RC1
2010-08-20 13:11 ohnobinki Resolution open => fixed