Services can only run as root
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Snapcraft |
Invalid
|
Undecided
|
Unassigned | ||
| Snappy |
Triaged
|
High
|
Jamie Strandboge | ||
Bug Description
PostgreSQL refuses to run as root and upstream very deliberately made it so this behaviour cannot be turned off. Even if I had a way of creating a user when the snap is installed, trying to drop privs with setuid/setgid fails.
My only current work around is to patch the source, removing the checks myself. Even if I could convince the extremely conservative upstream to rethink their choice and allow the checks to be disabled at configure or runtime it would not be available until the next major release.
I'd like for daemons to be able to drop their privileges. Lots of daemons try to drop privileges (usually to restricted accounts like nobody or daemon), so this should be possible without patching.
I'd like it possible to create users and groups as a snap preinstallation step. And I'd like to be able to declare these users and groups in snapcraft.yaml.
| summary: |
- Cannot run daemons as non-root + Services can only run as root |
| Jamie Strandboge (jdstrand) wrote | #1 |
| tags: | added: snapd-interface |
| Changed in snapcraft: | |
| status: | New → Invalid |
| Changed in snappy: | |
| status: | New → Triaged |
| importance: | Undecided → High |
| Jamie Strandboge (jdstrand) wrote | #2 |
| Changed in snappy: | |
| assignee: | nobody → Jamie Strandboge (jdstrand) |
| Lars Tangvald (lars-tangvald) wrote | #3 |
I feel like there is already a bug on this but I can't seem to find it.
snap-confine now has the ability to filter arguments. This allows us to create policy for setuid, etc. Initially we will allow dropping to a non-root user that is already on the system (eg, 'daemon') which would fix this bug for you.
Eventually I think it would be nice to have snapcraft.yaml support for requesting a particular user. This needs to be designed, but I suspect allowing, opt-in, a user name that is the SNAP_NAME would be a stop along the path.