[pkg-bacula-commits] [bacula] 04/06: Remove documentation to run as non-root
Sven Hartge
hartge-guest at moszumanska.debian.org
Sat Sep 10 19:28:19 UTC 2016
This is an automated email from the git hooks/post-receive script.
hartge-guest pushed a commit to branch hardcode-users
in repository bacula.
commit 963af31e6fd161a5546e024b067e374101c752c4
Author: Sven Hartge <sven at svenhartge.de>
Date: Sat Sep 10 21:25:50 2016 +0200
Remove documentation to run as non-root
---
debian/README.Debian | 31 -------------------------------
debian/changelog | 8 +-------
2 files changed, 1 insertion(+), 38 deletions(-)
diff --git a/debian/README.Debian b/debian/README.Debian
index d30177c..d75b2f9 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -89,37 +89,6 @@ installing a different bacula-director-DBTYPE package. This will pull
in the needed dependencies for the new database backend and remove the
ones from the old one.
-ENABLING NON-ROOT MODE FOR BACULA-FD
-=====================================
-
-On Linux systems with capabilities bacula-fd runs as a non-root user
-with read-only privileges to all files. This reduces the attack
-surface the daemon provides.
-
-You can enable this security feature the following ways, depending on
-your system setup:
-
-a) for SysV-init based systems:
-
- Edit /etc/default/bacula-fd and add
- ENABLE_NONROOT=true
-
-b) for systemd based systems:
-
- Use systemctl edit bacula-fd.service and put the following lines
- into the override configuration:
-
- [Service]
- User=bacula
- Group=bacula
-
-Warning: if you run bacula-fd as non-root, you will not be able to
-restore file directly to the original positions, restored files
-will have to go to a path writable by the user bacula-fd runs as,
-for example /tmp/bacula-restores. Restored files will also have the
-wrong user and possibly missing ACLs.
-
-
CONSOLE
=======
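Review bot: The commit message gives no reason for dropping the "ENABLING NON-ROOT MODE FOR BACULA-FD" section, and the deleted lines were the only place in README.Debian that described ENABLE_NONROOT=true in /etc/default/bacula-fd and the User=bacula/Group=bacula systemd override. Administrators who already followed those steps get no indication of what happens to their setting after this change. If the feature itself is withdrawn elsewhere in this series, replace the section with a short note (or add a NEWS.Debian entry) saying so and stating that bacula-fd runs as root again, since the removed text presented non-root operation as a reduction in attack surface. The restore caveat about /tmp/bacula-restores, ownership and ACLs is also lost and is worth keeping wherever the behaviour is still reachable.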
diff --git a/debian/changelog b/debian/changelog
index bb2278e..5982dad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,14 +2,8 @@ bacula (7.4.3+dfsg-6~fixuser1) UNRELEASED; urgency=medium
[ Sven Hartge ]
* Remove configuration option to change runtime user for director
- and storage daemon. This was broken never really possible without
+ and storage daemon. This was never really possible without
recompiling the package in the first place.
- * Add capability cap_dac_read_search to bacula-fd, making it possible
- to run as non-root
- * change bacula-fd init-script and systemd unit to be able to run as
- non-root (Closes: #699149)
- * README.Debian contains documentation on how to enable this feature,
- if needed
-- Sven Hartge <sven at svenhartge.de> Tue, 18 Jul 2016 23:59:59 +0200
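Review bot: Deleting the entry carrying "(Closes: #699149)" means this upload no longer closes that bug, and nothing in the remaining changelog entry says what becomes of it. State the bug's disposition explicitly, either in the commit message or by handling it in the BTS (left open or tagged accordingly), so the request to run bacula-fd as non-root is not silently dropped. Separately, the unchanged trailer line reads "Tue, 18 Jul 2016 23:59:59 +0200", but 18 Jul 2016 was a Monday; regenerate the trailer with dch before the entry leaves UNRELEASED so the date parses consistently.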
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-bacula/bacula.git