[pkg-bacula-commits] [bacula] 04/06: Remove documentation to run as non-root

[Sven Hartge]

This is an automated email from the git hooks/post-receive script.

hartge-guest pushed a commit to branch hardcode-users
in repository bacula.

commit 963af31e6fd161a5546e024b067e374101c752c4
Author: Sven Hartge <sven at svenhartge.de>
Date:   Sat Sep 10 21:25:50 2016 +0200

    Remove documentation to run as non-root
---
 debian/README.Debian | 31 -------------------------------
 debian/changelog     |  8 +-------
 2 files changed, 1 insertion(+), 38 deletions(-)

diff --git a/debian/README.Debian b/debian/README.Debian
index d30177c..d75b2f9 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -89,37 +89,6 @@ installing a different bacula-director-DBTYPE package. This will pull
 in the needed dependencies for the new database backend and remove the
 ones from the old one.
 
-ENABLING NON-ROOT MODE FOR BACULA-FD
-=====================================
-
-On Linux systems with capabilities bacula-fd runs as a non-root user
-with read-only privileges to all files. This reduces the attack
-surface the daemon provides.
-
-You can enable this security feature the following ways, depending on
-your system setup:
-
-a) for SysV-init based systems:
-
-   Edit /etc/default/bacula-fd and add
-   ENABLE_NONROOT=true
-
-b) for systemd based systems:
-
-   Use systemctl edit bacula-fd.service and put the following lines
-   into the override configuration:
-
-   [Service]
-   User=bacula
-   Group=bacula
-
-Warning: if you run bacula-fd as non-root, you will not be able to
-restore file directly to the original positions, restored files
-will have to go to a path writable by the user bacula-fd runs as,
-for example /tmp/bacula-restores. Restored files will also have the
-wrong user and possibly missing ACLs.
-
-
 CONSOLE
 =======
 
diff --git a/debian/changelog b/debian/changelog
index bb2278e..5982dad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,14 +2,8 @@ bacula (7.4.3+dfsg-6~fixuser1) UNRELEASED; urgency=medium
 
   [ Sven Hartge ]
   * Remove configuration option to change runtime user for director
-    and storage daemon. This was broken never really possible without
+    and storage daemon. This was never really possible without
     recompiling the package in the first place.
-  * Add capability cap_dac_read_search to bacula-fd, making it possible
-    to run as non-root
-  * change bacula-fd init-script and systemd unit to be able to run as
-    non-root (Closes: #699149)
-  * README.Debian contains documentation on how to enable this feature,
-    if needed
 
  -- Sven Hartge <sven at svenhartge.de>  Tue, 18 Jul 2016 23:59:59 +0200
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-bacula/bacula.git