[Dev] processes running as root
valentina.giusti at oss.bmw-carit.de
Thu Aug 14 12:53:35 GMT 2014
On 08/12/2014 03:08 PM, Stéphane Desneux wrote:
> Hi Valentina,
> As Casey and Carsten said: things are not black and white... but simply
> gray :) We *try* to reduce the daemons running as root as much as
> possible. But it's not an absolute rule.
> Sometimes, it's possible to migrate a daemon from root to <some system
> user> without much difficulty. A good example is weston in
> Tizen:Common: it runs as a 'display' user, who has the proper rights on
> the DRM and input devices.
> For some other daemons, it can become more tricky.
> If I take a quick look at a recent Tizen:Common snapshot, I can see that
> there are some daemons running as root, as you noticed:
> root 159 1 0 03:22 ? 00:00:00 /usr/sbin/ofonod -n
> root 161 1 0 03:22 ? 00:00:00 /usr/bin/alarm-server
> root 168 1 0 03:22 ? 00:00:00 /usr/sbin/connmand -n
> root 172 1 0 03:22 ? 00:00:00 /usr/bin/security-server
> root 173 1 0 03:22 ? 00:00:00 /usr/bin/media-server
> root 175 1 0 03:22 ? 00:00:00
> root 239 1 0 03:22 ? 00:00:00 /lib/bluetooth/bluetoothd -E
> root 344 1 0 03:22 ? 00:00:00 /usr/sbin/wpa_supplicant -u
> root 1037 173 0 03:23 ? 00:00:00 media-thumbnail-server
> In this list, I see 3 categories:
> - some daemons can very probably run as system users (media-server,
> media-thumbnail-server, ofonod, alarm-server), if we're able to define
> the appropriate rights
> - for network and connectivity daemons (connmand, wpa_supplicant,
> bluetoothd), it may be more tricky to migrate to non-root users, but
> this needs some investigation
> - some services need to run as root (security-server AFAIK)
> As Casey pointed out, migrating from root to system users for some daemons
> is an ongoing effort.
Thanks for your detailed answer. I was actually wondering how you
proceeded with the identification of the processes that can be run as
system processes and if you planned to continue in that direction for
the services that still run as root.
My guess is that this would help also with having a
> Best regards,
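A starting point for the identification step asked about in this message, added here as an example and not part of the original thread or of Tizen's tooling: it parses a `ps -ef` style listing like the quoted one and reports root-owned daemons started by PID 1 together with the root-owned descendants they spawn. The `ps -ef` column layout is an assumption, and the header row and the `display` weston row are constructed sample data.

```python
from collections import namedtuple

Proc = namedtuple("Proc", "uid pid ppid cmd")

# Rows copied from the listing quoted in the message (PID 175 has no command
# there and is kept empty); the header and the 'display' row are constructed.
SAMPLE = """\
UID PID PPID C STIME TTY TIME CMD
root 159 1 0 03:22 ? 00:00:00 /usr/sbin/ofonod -n
root 173 1 0 03:22 ? 00:00:00 /usr/bin/media-server
root 175 1 0 03:22 ? 00:00:00
display 200 1 0 03:22 ? 00:00:00 /usr/bin/weston
root 1037 173 0 03:23 ? 00:00:00 media-thumbnail-server
"""

def parse_ps(text):
    """Parse `ps -ef` style rows (assumed layout: UID PID PPID C STIME TTY TIME CMD)."""
    procs = []
    for line in text.splitlines():
        fields = line.split(None, 7)
        if len(fields) < 7 or not (fields[1].isdigit() and fields[2].isdigit()):
            continue  # header line or malformed row
        cmd = fields[7] if len(fields) == 8 else ""  # tolerate a missing CMD column
        procs.append(Proc(fields[0], int(fields[1]), int(fields[2]), cmd))
    return procs

def root_daemons(procs):
    """Map each root-owned child of PID 1 to (cmd, [root-owned descendant cmds])."""
    children = {}
    for p in procs:
        children.setdefault(p.ppid, []).append(p)
    report = {}
    for p in procs:
        if p.uid not in ("root", "0") or p.ppid != 1:
            continue
        inherited, stack, seen = [], list(children.get(p.pid, [])), {p.pid}
        while stack:
            child = stack.pop()
            if child.pid in seen:
                continue  # guard against malformed parent/child loops
            seen.add(child.pid)
            if child.uid in ("root", "0"):
                inherited.append(child.cmd)
            stack.extend(children.get(child.pid, []))
        report[p.pid] = (p.cmd, sorted(inherited))
    return report

if __name__ == "__main__":
    for pid, (cmd, kids) in sorted(root_daemons(parse_ps(SAMPLE)).items()):
        print(pid, cmd or "<no command shown>", kids)
```

Daemons that appear with root-owned descendants (here media-server and its thumbnail server) have to be migrated together, since the child inherits the parent's user.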