2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-26 19:40:12 +00:00
Commit Graph

11 Commits

Author SHA1 Message Date
Jarrod Johnson
c0cd6de4f7 Remove PrivateDevices from unit file
PrivateDevices breaks pam_unix, for some reason.  Remove this
protection.  We still have DevicePolicy closed and running as non-root,
so this should still be relatively safe.i
2020-02-13 11:42:21 -05:00
Jarrod Johnson
4437e81e04 Leverage unix_chkpwd
If doing PAM authentication, we
can setuid to the target user and then
pam_unix will use unix_chkpwd on
our behalf.

Problems with this working in the lab
was resolved by a yum reinstall pam,
so it was presumably due to messed up
setcap or similar experiments.
2020-02-13 10:37:15 -05:00
Jarrod Johnson
ce1cb952e8 Fix PAM authentication
It's tricky.  On Redhat platforms, we need the CAP_DAC_READ_SEARCH
capability.  Unfortunately this is one of the nicest capabilities to have.

For now add it to ambient set so that PAM can work on redhat platforms.
Mitigate this risk by safeguarding the license handling code, which
is the only known place that can read a file and send it to somewhere.

If we could drop the capability from effective set and add it back in when
needed, that would be nice, but that appears not to be possible.

Short of that, having a separate authentication process
running and dropping privilege would potentially work.
2020-02-11 14:09:22 -05:00
Jarrod Johnson
66e1d17d28 Have systemd manage confluent run dir
The run directory has to be created and owned by confluent,
or else things cannot start.
2020-02-06 13:45:46 -05:00
Jarrod Johnson
49c00bfbb7 Become root to check a password
Running as non-root had broken PAM support.  Allow setuid so we
can assume root in one specific case.
2020-02-05 16:06:13 -05:00
Jarrod Johnson
0d5fa7a98a Change confluent to run as non-root and harden systemd
This mitigates a great deal of risk compared to prior behavior.
2020-01-31 09:52:52 -05:00
Jarrod Johnson
968efe719a Add CAP_NET_BIND_SERVICE to unit file
This is preparing for running as non-root.

We need this capability to snoop SLP and PXE
2020-01-31 09:34:13 -05:00
Jarrod Johnson
34b7abcb2d Change systemd unit to not have PIDFile
systemctl restart *always* prints a worrying message
with pidfile.
2018-09-07 11:27:43 -04:00
Jarrod Johnson
deb2c3a94a Correct some minor potential issues and add restart on failure 2017-08-25 16:41:22 -04:00
Jarrod Johnson
5ab1d6ea59 Prevent hang on systemctl stop confluent
systemd's default stop seems to be incapable of understanding
how to shut down our service.  Provide an explicit ExecStop
to have systemd act more sanely.
2015-11-02 14:11:07 -05:00
Victor Hu
4d1d016325 Add simple systemd service file for confluent server.
The sysvinit scripts were not returning the same informational
messages when run under systemctl as they were when run
under service.
2015-07-15 13:33:47 -04:00