View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003053 | unreal | ircd | public | 2006-09-04 11:45 | 2010-08-20 13:11 |
| Reporter | Stealth | Assigned To | ohnobinki | ||
| Priority | normal | Severity | tweak | Reproducibility | N/A |
| Status | resolved | Resolution | fixed | ||
| Platform | * | OS | * | OS Version | * |
| Product Version | 3.2.6 | ||||
| Fixed in Version | 3.2.9-RC1 | ||||
| Summary | 0003053: Warning when running as root | ||||
| Description | If Unreal is started as root, I think it would be great to have it print a warning and have the user enter a confirmation. Maybe have the user say it is OK once like X-Chat does. Such as: WARNING: Running Unreal as root is bad! Start anyway? (yes/no): | ||||
| Tags | No tags attached. | ||||
| Attached Files | |||||
| 3rd party modules | |||||
|
|
X-Chat is a client program. Unreal is a daemon. A daemon shouldn't ask questions like that. For example, consider having a script that starts Unreal. It will now hang waiting for someone to type "y". I agree, you shouldn't run Unreal as root, but I think this is a bad way to solve the problem. The more questions an IRCd has to ask, the more difficult it is to automate. |
|
|
That's why it only asks once... It can store the yes result in the tune file or smth |
|
|
I promise I'll write a patch to remove this stuff from the core if it will be added. Behave like all other ircds - just warn but nothing more! |
|
|
Also there are reasons that it may be necessary for unreal to boot as root, chroot and setuid/setgid to name a few (though this then gets to crazy interactions with /rehash, /restart and such). Also the pedants who want to use the IANA IRC port (194 I think?) that's in the privileged range have to start unreal as root (and setuid probably doesn't work in that case). Look at most of the other common daemons (syslog, sshd, httpd, ftpd, ntpd, cron, etc). How many of them ask "Are you sure you want to start this daemon as root?" on /dev/console first time you start your system? That would be bad for a headless system. |
|
|
Warning? Sure. But not if IRC_UID is defined and > 0. Prompt or anything else? No. |
|
|
IANA IRC port (194 I think?) <-- technically you don't need to start as root for that, as you can setup a firewall rule to say, forward port 194 (a virtual forward to the same box) to something higher like 6667. Most if not all firewall packages for *nix and *bsd support this in some way shape or form, and its actually quite useful in situations like that :) |
|
|
stupid idea actually.. You flush your fw and everyone is connection reset by peer or ping timeout. |
|
|
And for what reason would you ever flush your firewall ? This wouldn't be for someone who doesn't know what they are doing.... If you have it setup correctly, flushing your firewall doesn't disconnect existing connections, it would just deny new connections to the virtual port. *most* people aren't exactly in the habbit of flushing their firewall if its going to cause disconnections.... |
|
|
I think we can resurrect this idea again ;) See my (2006) comment: add a (clear) warning, but don't warn if IRC_UID (or IRC_USER nowadays?) is in use (coz it will setuid...). |
|
|
unreal-3053-warn-root.patch: Warns users if they are starting UnrealIRCd as root and seteuid() is not enabled. Tested with IRC_USER and IRC_GROUP set and unset, seems to work. |
|
|
Looks good. Though, you might want to mention something about setting IRC_USER in include/config.h in the error message. Basically, give a suggestion of what the user should do: 'Either start the IRCd as another user than root, or properly set IRC_USER in include/config.h'.. something like that... |
|
|
OK, the text has been lengthened to include those instructions and committed. - Warn users against running UnrealIRCd as root without setting IRC_USER. (0003053 reported by Stealth) |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2006-09-04 11:45 | Stealth | New Issue | |
| 2006-09-04 12:48 |
|
Note Added: 0012307 | |
| 2006-09-04 14:11 | Stealth | Note Added: 0012308 | |
| 2006-09-04 15:47 | pinstrate | Note Added: 0012309 | |
| 2006-09-04 16:37 | aquanight | Note Added: 0012310 | |
| 2006-09-04 16:57 | syzop | Note Added: 0012311 | |
| 2006-09-04 16:57 | syzop | Status | new => acknowledged |
| 2006-09-07 21:27 | djGrrr | Note Added: 0012348 | |
| 2006-09-08 01:48 | pinstrate | Note Added: 0012359 | |
| 2006-09-08 08:34 | djGrrr | Note Added: 0012360 | |
| 2010-07-14 20:59 | syzop | Relationship added | child of 0003776 |
| 2010-07-14 21:01 | syzop | Note Added: 0016185 | |
| 2010-08-20 05:31 | ohnobinki | Status | acknowledged => assigned |
| 2010-08-20 05:31 | ohnobinki | Assigned To | => ohnobinki |
| 2010-08-20 05:53 | ohnobinki | File Added: unreal-3053-warn-root.patch | |
| 2010-08-20 05:53 | ohnobinki | Note Added: 0016290 | |
| 2010-08-20 11:09 | syzop | Note Added: 0016291 | |
| 2010-08-20 13:11 | ohnobinki | QA | => Not touched yet by developer |
| 2010-08-20 13:11 | ohnobinki | U4: Need for upstream patch | => No need for upstream InspIRCd patch |
| 2010-08-20 13:11 | ohnobinki | Note Added: 0016292 | |
| 2010-08-20 13:11 | ohnobinki | Status | assigned => resolved |
| 2010-08-20 13:11 | ohnobinki | Fixed in Version | => 3.2.9-RC1 |
| 2010-08-20 13:11 | ohnobinki | Resolution | open => fixed |
