You are not logged in.
- Topics: Active | Unanswered
#1 2009-04-07 23:31:57
- Nezmer
- Member
- Registered: 2008-10-24
- Posts: 559
- Website
[Reopened][security] Deluge update, daemon runs as root
>>> Deluge's daemon is running with the "deluge" user. The default download directory is /home/deluge/That's the post-install note .
False initial report:
'/home/deluge' is created but the daemon is running with my user and the previous settings are used . That's a good thing . It just contradicts the post-instll notice .
Update :
It turned out the daemon seems to run as root . Now , that's a bad thing .
Last edited by Nezmer (2009-04-08 19:40:34)
English is not my native language .
Offline
#2 2009-04-08 01:58:23
- MindlessXD
- Member
- Registered: 2007-11-08
- Posts: 18
Re: [Reopened][security] Deluge update, daemon runs as root
The daemon is running as root here... that's _not_ a good thing.
Edit: Oddly enough, my settings and torrents are still there, but the process is running as root, no doubt about it.
Last edited by MindlessXD (2009-04-08 02:02:34)
Offline
#3 2009-04-08 14:13:39
- Nezmer
- Member
- Registered: 2008-10-24
- Posts: 559
- Website
Re: [Reopened][security] Deluge update, daemon runs as root
Oh , that thread was posted . I thought I didn't submit it .
I think the daemon is fine (It shows that It's running as root but I think the privileges are dropped to user 'deluge' like the 'mpd' daemon) .
The question remains though :
As the daemon recognises my user's settings , How would it behave in a multi-user system ?
Last edited by Nezmer (2009-04-08 14:17:02)
English is not my native language .
Offline
#4 2009-04-08 15:40:39
- MindlessXD
- Member
- Registered: 2007-11-08
- Posts: 18
Re: [Reopened][security] Deluge update, daemon runs as root
you sure it's the same deal? mpd looks how I'd expect, but deluge doesn't
ps aux|grep -E 'mpd|deluged'|grep -v grep
root 3967 0.8 3.3 364832 34056 ? Sl Apr07 6:44 /usr/bin/python /usr/bin/deluged
mpd 4204 0.5 0.0 224752 980 ? Sl Mar26 108:57 /usr/bin/mpd /etc/mpd.confLast edited by MindlessXD (2009-04-08 15:44:35)
Offline
#5 2009-04-08 19:35:30
- Nezmer
- Member
- Registered: 2008-10-24
- Posts: 559
- Website
Re: [Reopened][security] Deluge update, daemon runs as root
I guess you're right . Now that's a serious problem .
I will change the title again .
English is not my native language .
Offline
#6 2009-04-08 22:02:58
- rsambuca
- Member
- From: Calgary, Canada
- Registered: 2008-07-21
- Posts: 143
Re: [Reopened][security] Deluge update, daemon runs as root
On my system, both deluge and the deluge daemon are under my user name.
How did you install yours?
Offline
#7 2009-04-08 22:32:05
- Nezmer
- Member
- Registered: 2008-10-24
- Posts: 559
- Website
Re: [Reopened][security] Deluge update, daemon runs as root
On my system, both deluge and the deluge daemon are under my user name.
How did you install yours?
If you run deluged from terminal logged in with your user or start the daemon from within deluge , It will run under your user name .
The latest deluge Arch update added an option to start deluged from '/etc/rc.d/deluged' . The post-install note suggests that this daemon will run with the user 'deluge' and will download to '/home/deluge' . That setup would suggest also that the settings are reseted and a fresh profile would be created specific for the 'deluge' user . The daemon should be system-wide serving all users .
In practice , the daemon is running as root and the previous user-specific settings are preserved .
English is not my native language .
Offline
#8 2009-04-08 22:36:38
- Allan
- Pacman
- From: Brisbane, AU
- Registered: 2007-06-09
- Posts: 11,398
- Website
Re: [Reopened][security] Deluge update, daemon runs as root
File a bug report.
Offline
#9 2009-04-08 22:41:36
- Nezmer
- Member
- Registered: 2008-10-24
- Posts: 559
- Website
Re: [Reopened][security] Deluge update, daemon runs as root
File a bug report.
I'm already on it .
English is not my native language .
Offline
#10 2009-04-08 22:52:29
- Nezmer
- Member
- Registered: 2008-10-24
- Posts: 559
- Website
Re: [Reopened][security] Deluge update, daemon runs as root
Bug reported :
http://bugs.archlinux.org/task/14142
Maybe a user with better "English" should comment there explaining more clearly the problem .
English is not my native language .
Offline
#11 2009-09-03 09:18:26
- kolebas
- Member
- Registered: 2009-09-03
- Posts: 2
Re: [Reopened][security] Deluge update, daemon runs as root
change /etc/rc.d/deluged
#!/bin/bash
. /etc/rc.conf
. /etc/rc.d/functions
[[ -f /var/run/deluged.pid ]] && PID=`cat /var/run/deluged.pid`
case "$1" in
start)
stat_busy "Starting Deluge Daemon"
[[ -z $PID ]] && /usr/bin/deluged 2>&1to
#!/bin/bash
. /etc/rc.conf
. /etc/rc.d/functions
. /etc/conf.d/deluged
[[ -f /var/run/deluged.pid ]] && PID=`cat /var/run/deluged.pid`
case "$1" in
start)
stat_busy "Starting Deluge Daemon"
[[ -z $PID ]] && su -l -c "/usr/bin/deluged" $TRANS_USER& make /etc/conf.d/deluged
TRANS_USER="user"Offline