On 25/05/2016 12:50, Christophe-Marie Duquesne wrote:
> I am trying to write a runit script that would require a passphrase
> when starting. This passphrase must not exist in clear on the
> filesystem, and it would require user interaction.

This is not easy to do properly. Supervised services are usually run with
a safe, minimal environment. Typically, with runit, services have their
stdin, stdout and stderr pointing to /dev/console - a design I do not
agree with: it should be /dev/null by default, and /dev/console should only
be used for emergency logging and never for input.

If you need user interaction in a service, you will have to create the way
for the user to interact. /dev/console, as any shared resource, is
dangerous because other programs could grab it and you may end up not
reading the proper input.

If you have X running by the time your service is launched, the ideal
mechanism is one similar to ssh-askpass: you'd give the DISPLAY environment
variable to your service, which would get its user input via an ad-hoc
window on the specified display.

If you don't, then it may be desirable to create a terminal (for instance
in a Linux virtual console) and use it to get user input.

Interactive supervised services are generally not a good idea. If they
die, they cannot be respawned without user action, which goes against the
principle of supervision. If you need authentication, please consider
something similar to ssh-agent, which asks for interactive input once and
provides noninteractive authentication afterwards.
--
Laurent
Received on Wed May 25 2016 - 11:53:00 UTC
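
The ssh-agent-like arrangement suggested in the reply, as an added example that is not part of the original message or of runit: a holder process asks for the passphrase once on a real terminal, keeps it in memory, and hands it over a 0600 Unix socket only to peers whose kernel-reported uid matches, so the supervised service can be respawned without user action. The names `serve` and `fetch` and the socket path are hypothetical, and `SO_PEERCRED` makes it Linux-specific.

```python
import getpass
import os
import socket
import struct

def serve(sock_path, secret, allowed_uid, ready=None, max_requests=None):
    """Keep `secret` in memory only; hand it to local peers running as allowed_uid."""
    old_umask = os.umask(0o177)            # socket file is created with mode 0600
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        srv.bind(sock_path)
    finally:
        os.umask(old_umask)
    srv.listen(4)
    if ready is not None:
        ready.set()                        # lets a caller know the socket is usable
    served = 0
    try:
        while max_requests is None or served < max_requests:
            conn, _ = srv.accept()
            with conn:
                # Linux SO_PEERCRED: kernel-reported pid, uid, gid of the peer.
                raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                                      struct.calcsize("3i"))
                _pid, uid, _gid = struct.unpack("3i", raw)
                if uid == allowed_uid:
                    conn.sendall(secret)
                # any other uid gets an empty reply
            served += 1
    finally:
        srv.close()
        os.unlink(sock_path)

def fetch(sock_path):
    """Client side, called by the supervised service at each (re)start."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        chunks = []
        while True:
            data = c.recv(4096)
            if not data:
                return b"".join(chunks)
            chunks.append(data)

if __name__ == "__main__":
    # Assumed deployment: started once from a real terminal, not under the supervisor.
    path = "/run/passphrase-agent.sock"     # hypothetical path
    serve(path, getpass.getpass("Passphrase: ").encode(), os.getuid())
```

The passphrase never touches the filesystem; if the holder process itself dies, it has to be restarted interactively, which is the one step that stays outside supervision.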