[MXS-116] Do not run maxscale as root. Created: 2015-04-23  Updated: 2015-07-29  Resolved: 2015-05-27

Status: Closed
Project: MariaDB MaxScale
Component/s: Core
Affects Version/s: 1.1.0
Fix Version/s: 1.2.0

Type: Bug Priority: Major
Reporter: Simon J Mudd Assignee: markus makela
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MXS-157 Test Non-root execution Closed
relates to MXS-24 bugzillaId-604: Module load path docu... Closed
relates to MXS-133 Testing MaxScale 1.2.0 Features Closed
Epic Link: MaxScale 1.2 Features

 Description   

This is really poor manners.
I'm not sure if there's a reason for it other than this has not been looked at but please consider:

  • not allowing maxscale to run as the root user
  • if running as the root user, dropping privileges to a different user (maxscale?) that's configured for example in MaxScale.cnf
  • this should pretty much match the behaviour of MySQL or MariaDB, and it prevents possible exploits should something break in the code.

[note: you need a component: Generic and a Versions: All versions]

 Comments   
Comment by markus makela [ 2015-05-10 ]

The current implementation of this change is in the install_dir_change branch on GitHub.

Comment by Timofey Turenko [ 2015-05-22 ]

binlog dir is defined by option in maxscale.cnf. I will take care of binlog dir in my tests, but we need:

1. add note to the documentation that binlog directory have to be readable and writable by 'maxscale' user (probably here https://github.com/mariadb-corporation/MaxScale/blob/develop/Documentation/Tutorials/Replication-Proxy-Binlog-Router-Tutorial.md#binlogdir)

2. take care of binlog directory during upgrade process: i'm not sure what should we do here - just change access rights or move files and how can upgrade script find binlog dir (need to parse .cnf??)

Comment by Simon J Mudd [ 2015-05-24 ]

For what it's worth I don't run maxscale as root. I run it by default as a user maxscale.

The binlogdir is by default the same as the service directory unless explicitly configured as a router option. (I configure it as an explicit router option so I can specify where the binlog directory resides.) This directory is already readable and writeable by this user, so the only thing I will need to do is remove my own wrapper which change maxscale to be run as "maxscale" to use the new mechanism for this.

What's probably a good idea however, is for MaxScale's binlog router to check on start up if the binlogdir is readable and also writable and if it's not to basically give an error that permissions are wrong etc and point to what the cause might be. If the process is running as root then point to the fact that this is not now expected. If the binlogdirectory is owned by root and maxscale is running as another user then don't fix this but state what the problem is and that probably the binlog directory ownership needs to be changed. If the error message is clear then this should not be problematic.

Comment by Dipti Joshi (Inactive) [ 2015-06-16 ]

markus makela Which user documentation needs to be updated for this feature ?

Comment by Joffrey MICHAIE (Inactive) [ 2015-07-29 ]

Hi,

Installed maxscale 1.2.0 on debian 7.8.

The init script contains, on line 48 (no quotes):

DAEMON_OPTS= --user=maxscale

Which leads to a warning at startup:

/etc/init.d/maxscale: line 48: --user=maxscale: command not found

I put single quotes, no more error at startup, but still I see it is running as root:

root@server:~# ps auxwwf |grep maxscale
 
root     17329  0.1  0.1 586720 51392 ?        Ssl  14:06   0:17 /usr/bin/maxscale  --user=maxscale

Joffrey

Comment by Dipti Joshi (Inactive) [ 2015-07-29 ]

joffrey Please open a new bug for this.

Thanks,
Dipti

Generated at Thu Feb 08 03:56:54 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.