Page MenuHomePhabricator

Raise severity of "phd.user" warning eventually
Closed, ResolvedPublic


After D11036, we try to run as the configured phd.user and raise a setup check if daemons are running under the wrong user.

If we aren't able to switch to the correct user with sudo, we still launch the daemons (as the wrong user, with a warning). This gives installs with bad configuration some time to fix the problem on their own without anything breaking.

Once installs have had some time to address the issue (say, after a couple of months without anyone raising support issues), we should make phd abort the launch if it is unable to launch as the correct user.

Event Timeline

epriestley raised the priority of this task from to Low.
epriestley updated the task description. (Show Details)
epriestley added a project: Daemons.
epriestley added a subscriber: epriestley.

I should add that the current setup check only alerts if there's a mismatch between config and running daemon.
If phd.user is not configured at all (default) it will not trigger.

One thing I havent quite worked out yet is whether the daemon user (phd in my case) requires a shell and/or home directory. If possible, it's nice to be able to set the shell to something like /bin/false.

The phd user has /bin/false as it's shell on our production instance, and it seems to work fine.