Report root services as info instead of warning for Type=oneshot (because these usually are system stuff legitimately running as root)

Alexandre Aubin 2021-12-31 02:14:49 +01:00
parent e1cea41ae8
commit 1721516624


@ -1033,15 +1033,23 @@ class Configurations(TestSuite):
yield Warning("Can't open/read %s : %s" % (filename, e)) yield Warning("Can't open/read %s : %s" % (filename, e))
return return
if '[Unit]' not in content:
continue
if re.findall(r"^ *Type=oneshot", content, flags=re.MULTILINE):
Level = Info
else:
Level = Warning
matches = re.findall(r"^ *(User|Group)=(\S+)", content, flags=re.MULTILINE) matches = re.findall(r"^ *(User|Group)=(\S+)", content, flags=re.MULTILINE)
if not any(match[0] == "User" for match in matches): if not any(match[0] == "User" for match in matches):
yield Warning( yield Level(
"You should specify a 'User=' directive in the systemd config !" "You should specify a 'User=' directive in the systemd config !"
) )
return return
if any(match[1] in ["root", "www-data"] for match in matches): if any(match[1] in ["root", "www-data"] for match in matches):
yield Warning( yield Level(
"DO NOT run the app's systemd service as root or www-data! Use a dedicated system user for this app! If your app requires administrator priviledges, you should consider adding the user to the sudoers (and restrict the commands it can use!)" "DO NOT run the app's systemd service as root or www-data! Use a dedicated system user for this app! If your app requires administrator priviledges, you should consider adding the user to the sudoers (and restrict the commands it can use!)"
) )
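Review bot: The `Level` picked from `Type=oneshot` is reused by the second check, so a oneshot unit with `User=www-data` or `Group=www-data` is now reported as info, although the commit message only justifies the downgrade for system tasks that legitimately run as root. Since www-data is typically the web server's account, that case should probably stay a warning, for example `severity = Warning if any(m[1] == "www-data" for m in matches) else Level` followed by `yield severity(`. As a smaller point, `re.findall` is used only for truthiness and the pattern has no end anchor, so `re.search(r"^ *Type=oneshot\s*$", content, flags=re.MULTILINE)` would state the intent and not match a longer value. The enclosing method starts outside the hunk, so it cannot be confirmed from here whether the `return` after each yield cuts short a loop over several unit files, which the added `continue` suggests.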