systemd unit: run as 'daemon' user, not root

[zdzichu]

Debian has been running uptimed as 'daemon' for three years now.
Root permissions are unneccessary. Packagers should ensure that
/var/spool/uptimed is chown'ed on upgrade.

[rpodgorny]

hmm, interesting! ...is there any document explaining the policy? (why the daemon user? why not nobody or something like that?)

i can't seem to find anything like this for arch linux (the distro i currently use).

[zdzichu]

Debians policy is at: https://wiki.debian.org/SystemGroups:
"daemon: Some unprivileged daemons that need to write to files on disk run as daemon.daemon (e.g., portmap, atd, probably others). Daemons that don't need to own any files can run as nobody.nogroup instead, and more complex or security conscious daemons run as dedicated users."

uptimed needs to own history in /var/spool/uptimed, so it's incompatible with Debian's "nobody". I think creating dedicated user for uptimed would be an overkill.

Arch mainly follows upstream, so if upstream uptimed runs as root, the same is true for Arch. I was unable to find any specific policy.

Fedora did not seem to have policy about "daemon" user, too. I've switched uptimed from running as root to running as daemon in Fedora 23, though.

[gfa]

If i had to made the switch to a non-root user, I'd create a new user (_uptimed) instead of using daemon but that boat sailed long ago for Debian, so yeah pls accept this PR

[rpodgorny]

hmm, has this advanced/changed in debian/fedora meanwhile?

also, if ownership of /var/spool/uptimed is to be changed, shouldn't there a systemd-tmpfiles snippet as well?

[zdzichu]

Current state:

• Fedora is running uptimed as "daemon" user since 2015 (for six years) and I've received 0 (zero) bugreports about that;
  The package did chown from root to daemon:daemon of /var/spool/uptimed on upgrade. I've recently removed that, as 12 distribution releases of backward compatibility should be more than enough (https://src.fedoraproject.org/rpms/uptimed/c/ccf71cc6f6775f9ab2f0824bc9e089cbb5380691?branch=rawhide)

• Debian continues to run uptimed as daemon. No change here in recent years. @xtaran could you confirm?

[xtaran]

Hi,

sorry for chiming in late. Did seem to have overseen the according notification and stumbled over the nick highlight just by accident.

@rpodgorny wrote:

hmm, has this advanced/changed in debian/fedora meanwhile?

@zdzichu wrote:

• Debian continues to run uptimed as daemon. No change here in recent years. @xtaran could you confirm?

I can confirm that there were no changes wrt. the user uptimed is running under on Debian since I took over the uptimed Debian package. And I also don't intend to change this as it works well that way.

@rpodgorny wrote:

also, if ownership of /var/spool/uptimed is to be changed, shouldn't there a systemd-tmpfiles snippet as well?

No. /var/spool/ is not a directory that is handled by systemd-tmpfiles. It only handles volatile directories. /var/spool/ is not volatile.

The ownership of that directory is set in Debian's postinst script.

[zdzichu]

I think it is warranted to merge this PR now.