systemd: d /run/stubby 0750 root stubby - - makes no sense

[letoams]

tmpfiles say:

d /run/stubby 0750 root stubby - -

What is the point of /run/stubby in mode 0750 owner root, if stubby is started as user stubby?
It won't be able to write anything in the directory. If there is anything to read there, who places it in that directory (as root even, so not stubby itself)

Why is this directory needed at all?

[bpereto]

Because systemd service start fails with error 210/CHROOT until the directory exists.
With the WorkingDirectory=/run/stubby in the service unit

[libreswan]

Ok, so we can just remove WorkingDir= from the system service file, and remove all the tmpfiles handling

[wtoorop]

@dkg @letoams The systemd files were contributed. I suspect mode 0750 was a mistake. Or perhaps having UID root was.

Stubby needs a writeable directory for Zero configuration DNSSEC. Would /run/stubby be suitable for this? (I think it is) If so, I'll update the systemd files and stubby.yml to suggest a configuration like that.

[letoams]

On Mon, 30 Apr 2018, wtoorop wrote: @dkg @letoams The systemd files were contributed. I suspect mode 0750 was a mistake. It is desirable for stubby to have a writeable directory for Zero configuration DNSSEC. Would /run/stubby be suitable for this? If so, I'll update the systemd files and stubby.yml to suggest a configuration like that.

If there is no pid file in that directory then we can do that. If there is a pid file then it would be dangerous to let stubby have permission to change it to a potential malicious link. Paul

[ArchangeGabriel]

@wtoorop /var/run/ is a symlink to /run/ on my system. Looking at /run/ content, I think it the stubby folder should be owned by stubby itself.

This folder is supposed to remain empty outside of zero-config DNSSEC anyway. So no PID file here indeed.

@wtoorop We might also want to use this as $HOME for the stubby user btw. Unless you prefer keeping no home folder and fixing appdata_dir in the default config?

[wtoorop]

@ArchangeGabriel Yes, I agree the folder should be owned by user stubby.

I will include a commented out appdata_dir in stubby.yml, because stubby is not always managed by systemd (definitely not on MacOS and Windows, and probably also not on BSDs).
You could do perhaps something like

sed 's/^# appdata_dir:/appdata_dir:/g' stubby.yml.example >etc/stubby/stubby.yml

from the PKGBUILD script?
I'll make a note in the README.md about that setting too.

I don't have a strong preference whether or not to give the system user stubbya home directory.
It feels slightly more secure if it wouldn't have one to me.. What do you think?

[wtoorop]

Done so with commit 862c90b

[ArchangeGabriel]

@wtoorop Sorry for the delay in answering. Does the new systemd service file works if a stubby system user already exists? If you don’t know I’ll have a look later today.

[wtoorop]

Yes, I tested. It will reuse the existing user.

[ArchangeGabriel]

I found it in the doc too. So the current service file is really amazing!

[ArchangeGabriel]

Oh and this issue should be closed now. ;)

[wtoorop]

Thanks :)!