[systemd-devel] forking PIDFile question

Jonathan de Boyne Pollard J.deBoynePollard-newsgroups at NTLWorld.COM
Wed Feb 21 06:31:23 UTC 2018


steve at goodey.org:
> [Service]
>
> Type=forking
>

Your program has an -f option to stop it from vainly trying to 
re-daemonize itself.  Use it; and do not use Type=forking in the first 
place.

* 
http://jdebp.eu./FGA/unix-daemon-design-mistakes-to-avoid.html#DoNotBackgroundise

The supplied systemd service unit that comes packaged by Ubuntu/Debian 
does this.  You can ignore its use of -s 1 , as systemd will log the 
program's standard output and -s 0 will do quite well.

* 
https://sources.debian.org/src/lcdproc/0.5.9-2/debian/lcdproc.LCDd.service/

steve at goodey.org:
>
> [server]
>
> User=nobody

Also, do not abuse nobody for dæmons.  Use a dedicated unprivileged user 
account, such as (for example) lcdproc.  Name the unprivileged user 
account in the service unit in a User= setting, and using filesystem 
ACLs or otherwise grant it nothing except the permission to open 
/dev/ttyUSB0 for writing and to open the configuration file for reading.

* http://jdebp.eu./FGA/dont-abuse-nobody-for-daemons.html

Currently, you are running your program as the superuser with a 
configuration file owned by an unprivileged user.  This is a backdoor 
into your system, as anyone who compromises that unprivileged user 
account (which is the one that you run your WWW browser as, and that you 
use to run software build systems and other programs downloaded from 
other people that you do not know, ne?) can rewrite the configuration 
file and thereby persuade a superuser-privileged process to open an 
arbitrary file and write stuff (which it does before it attempts to 
detect whether it is running as the superuser).


More information about the systemd-devel mailing list