[arch-dev-public] [signoff] pkgstats 2.1-1
Hi everybody, pkgstats is neither in [core] or critical but nonetheless I'd like to get some positive feedback before moving it to extra and making an announcement. I have added a cronjob which is installed to /etc/cron.weekly and run as user nobody. This makes it an "install and forget" package and we'll get data regulary and just when we ask for it. Sending user data periodically to us is a critical thing. To decrease people's concerns (and mine) I have implemented it this way: * pkgstats will remain an optional package * the script is kept as easy as possible for people to see what it does * the cron is run as nobody and not root (anyone knows how to do this without sudo? no, su does not work it seems) * don't collect more data than is really needed for our work Greetings, Pierre -- Pierre Schmitz, https://users.archlinux.de/~pierre
Am 13.09.2010 13:05, schrieb Pierre Schmitz:
* the cron is run as nobody and not root (anyone knows how to do this without sudo? no, su does not work it seems)
$ su -c "/usr/bin/pkgstats" nobody I use this everywhere, and it works.
On Mon, 13 Sep 2010 13:16:53 +0200, Thomas Bächler <thomas@archlinux.org> wrote:
Am 13.09.2010 13:05, schrieb Pierre Schmitz:
* the cron is run as nobody and not root (anyone knows how to do this without sudo? no, su does not work it seems)
$ su -c "/usr/bin/pkgstats" nobody I use this everywhere, and it works.
Doesn't work here (tested on several systems). It always asks me to change the password for the user nobody. -- Pierre Schmitz, https://users.archlinux.de/~pierre
Am 13.09.2010 13:18, schrieb Pierre Schmitz:
On Mon, 13 Sep 2010 13:16:53 +0200, Thomas Bächler <thomas@archlinux.org> wrote:
Am 13.09.2010 13:05, schrieb Pierre Schmitz:
* the cron is run as nobody and not root (anyone knows how to do this without sudo? no, su does not work it seems)
$ su -c "/usr/bin/pkgstats" nobody I use this everywhere, and it works.
Doesn't work here (tested on several systems). It always asks me to change the password for the user nobody.
Yes, the user needs to be able to log in (nobody has an invalid shell by default iirc). I think you can work around this, somehow, I'll check later. sudo seems like a bad choice anyway.
[2010-09-13 15:43:33 +0200] Thomas Bächler:
Am 13.09.2010 13:18, schrieb Pierre Schmitz:
On Mon, 13 Sep 2010 13:16:53 +0200, Thomas Bächler <thomas@archlinux.org> wrote:
Am 13.09.2010 13:05, schrieb Pierre Schmitz:
* the cron is run as nobody and not root (anyone knows how to do this without sudo? no, su does not work it seems)
$ su -c "/usr/bin/pkgstats" nobody I use this everywhere, and it works.
Doesn't work here (tested on several systems). It always asks me to change the password for the user nobody.
Yes, the user needs to be able to log in (nobody has an invalid shell by default iirc).
This can be overriden by "su -s /bin/sh nobody"; the issue here is that the third field of nobody's entry in /etc/shadow (which indicates when the password was last changed) is set to "0" (any positive value would work). -- Gaetan
On Mon, 13 Sep 2010 16:52:07 +0200, Gaetan Bisson <bisson@archlinux.org> wrote:
[2010-09-13 15:43:33 +0200] Thomas Bächler:
Am 13.09.2010 13:18, schrieb Pierre Schmitz:
On Mon, 13 Sep 2010 13:16:53 +0200, Thomas Bächler <thomas@archlinux.org> wrote:
Am 13.09.2010 13:05, schrieb Pierre Schmitz:
* the cron is run as nobody and not root (anyone knows how to do this without sudo? no, su does not work it seems)
$ su -c "/usr/bin/pkgstats" nobody I use this everywhere, and it works.
Doesn't work here (tested on several systems). It always asks me to change the password for the user nobody.
Yes, the user needs to be able to log in (nobody has an invalid shell by default iirc).
This can be overriden by "su -s /bin/sh nobody"; the issue here is that the third field of nobody's entry in /etc/shadow (which indicates when the password was last changed) is set to "0" (any positive value would work).
Interesting. I wonder if that is a bug in our default shadow file or some weired feature. Shouldn't this just be empty to disable password aging? See man 5 shadow -- Pierre Schmitz, https://users.archlinux.de/~pierre
[2010-09-13 18:00:07 +0200] Pierre Schmitz:
On Mon, 13 Sep 2010 16:52:07 +0200, Gaetan Bisson <bisson@archlinux.org> wrote:
This can be overriden by "su -s /bin/sh nobody"; the issue here is that the third field of nobody's entry in /etc/shadow (which indicates when the password was last changed) is set to "0" (any positive value would work).
Interesting. I wonder if that is a bug in our default shadow file or some weired feature. Shouldn't this just be empty to disable password aging?
I think so - FWIW, I can't think of any reason why we would want password aging for system accounts. -- Gaetan
On Mon, 13 Sep 2010 13:05:26 +0200 Pierre Schmitz <pierre@archlinux.de> wrote:
* the cron is run as nobody and not root (anyone knows how to do this without sudo? no, su does not work it seems)
You can setuid the file and give it a specific owner, it will be run as that user. If that's what you're asking. Also, make sure we don't ddos ourselves. Dieter
On Mon, 13 Sep 2010 13:22:03 +0200, Dieter Plaetinck <dieter@plaetinck.be> wrote:
On Mon, 13 Sep 2010 13:05:26 +0200 Pierre Schmitz <pierre@archlinux.de> wrote:
* the cron is run as nobody and not root (anyone knows how to do this without sudo? no, su does not work it seems)
You can setuid the file and give it a specific owner, it will be run as that user. If that's what you're asking.
Yes, thought about that too. But: nobody shouldn't own any files; especially executables. And: afaik you cannot suid a shell-script. The script is not run, but the interpreter which then runs the script.
Also, make sure we don't ddos ourselves.
Well, collecting the data is not that expensive. But there is still some room to make it even cheaper if needed. But afaik weekly crons are not executed at the same milisecond and there are also different time zones and not every clock is in sync. -- Pierre Schmitz, https://users.archlinux.de/~pierre
On Mon, 13 Sep 2010 13:32:50 +0200 Pierre Schmitz <pierre@archlinux.de> wrote:
On Mon, 13 Sep 2010 13:22:03 +0200, Dieter Plaetinck
You can setuid the file and give it a specific owner, it will be run as that user. If that's what you're asking.
Yes, thought about that too. But: nobody shouldn't own any files; especially executables. And: afaik you cannot suid a shell-script. The script is not run, but the interpreter which then runs the script.
ah, right. is there a specific reason why nobody shouldn't own any files?
Also, make sure we don't ddos ourselves.
Well, collecting the data is not that expensive. But there is still some room to make it even cheaper if needed. But afaik weekly crons are not executed at the same milisecond and there are also different time zones and not every clock is in sync.
sure, just thought i would mention. At my previous company an iphone-app developer built an app which automatically polled our servers every x minutes, and we got a self-inflicted ddos when it went live :) Dieter
Am 13.09.2010 13:22, schrieb Dieter Plaetinck:
On Mon, 13 Sep 2010 13:05:26 +0200 Pierre Schmitz <pierre@archlinux.de> wrote:
* the cron is run as nobody and not root (anyone knows how to do this without sudo? no, su does not work it seems)
You can setuid the file and give it a specific owner, it will be run as that user. If that's what you're asking.
That is so not true. setuid is much more obscure and confusing than that - and most importantly, does not work on shell scripts.
On Mon, Sep 13, 2010 at 8:44 AM, Thomas Bächler <thomas@archlinux.org> wrote:
Am 13.09.2010 13:22, schrieb Dieter Plaetinck:
On Mon, 13 Sep 2010 13:05:26 +0200 Pierre Schmitz <pierre@archlinux.de> wrote:
* the cron is run as nobody and not root (anyone knows how to do this without sudo? no, su does not work it seems)
You can setuid the file and give it a specific owner, it will be run as that user. If that's what you're asking.
That is so not true. setuid is much more obscure and confusing than that - and most importantly, does not work on shell scripts.
Go with something a bit more powerful than shell scripting? http://perldoc.perl.org/POSIX.html You can call POSIX::setuid() and setgid() to drop permissions. -Dan
On Mon, 13 Sep 2010 13:05:26 +0200, Pierre Schmitz <pierre@archlinux.de> wrote:
Hi everybody,
pkgstats is neither in [core] or critical but nonetheless I'd like to get some positive feedback before moving it to extra and making an announcement.
I have added a cronjob which is installed to /etc/cron.weekly and run as user nobody. This makes it an "install and forget" package and we'll get data regulary and just when we ask for it.
Sending user data periodically to us is a critical thing. To decrease people's concerns (and mine) I have implemented it this way: * pkgstats will remain an optional package * the script is kept as easy as possible for people to see what it does * the cron is run as nobody and not root (anyone knows how to do this without sudo? no, su does not work it seems) * don't collect more data than is really needed for our work
Greetings,
Pierre
The new version no longer requires sudo. If there are no objections I'll move this to extra once filesystem is in core. -- Pierre Schmitz, https://users.archlinux.de/~pierre
participants (5)
-
Dan McGee
-
Dieter Plaetinck
-
Gaetan Bisson
-
Pierre Schmitz
-
Thomas Bächler