Open martijn-dekkers opened 8 years ago
@cynaptic-mdekkers hey there. I'm not sure that it's a good idea. Rather than running anything as root, there probably should be a PAM configuration for the st2auth service, similar to what other software is using: http://linux.die.net/man/5/pam.d.
For example, the default samba example:

```
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
```
@dennybaa I guess this is solved via https://github.com/StackStorm/st2-packages/pull/205 ?
If yes, is it available only in the `1.4dev` package or ready in the `1.3.2` package as well?
@armab I don't think it solves the PAM problem, #205 doesn't change that we still run `st2auth` in the same way as unprivileged user `st2`.
I am creating the ssh trust keys and then doing a lot of stuff (rsync, creating a file system, etc. using python), and the ssh trust keys are created under the normal user, for example /users/tony/.ssh, but when I call the same function via st2 from tony's login, the ssh keys are created under root. I could not figure out why it is creating keys under the root user. Can someone help me to understand the issue?
@karthi81 I guess your issue is related to https://github.com/StackStorm/st2/issues/3298.
That's because the `st2actionrunner` service is executed by root.
As per https://stackstorm-community.slack.com/archives/community/p1456739781004524, `st2auth` should run as root to work with PAM.