Package Details: keybase-bin 1.0.45_20180321163509+89c9a0ef3a-1

Git Clone URL: (read-only)
Package Base: keybase-bin
Description: the Keybase Go client, filesystem, and GUI
Upstream URL:
Licenses: BSD
Conflicts: keybase, keybase-git, keybase-release
Submitter: oconnor663
Maintainer: oconnor663 (keybase)
Last Packager: keybase
Votes: 108
Popularity: 8.360912
First Submitted: 2016-06-22 16:52
Last Updated: 2018-03-21 16:46

Latest Comments

oconnor663 commented on 2018-03-04 20:05

We're working on replacing the "mount helper" entirely with a small root process that will serve symlinks pointing to a user-specific mount under your homedir. That should both avoid some security issues and support the "multiple users on the same system" case properly for the first time. So in short, all of this stuff is in flux. (Folks who prefer to disable all of this, see

Eschwartz commented on 2018-03-04 00:10

@eduard, see and note that the latest git version of keybase will "fix" this by simply running the mount helper as SUID root.

eduard commented on 2018-03-03 07:46

/usr/bin/run_keybase: line 121: 4298 Segmentation fault keybase-mount-helper -user-mount "$mountdir"

gdamjan commented on 2018-02-25 18:03

@Eschwartz I agree completely with you.

Eschwartz commented on 2018-02-25 17:53

Currently /keybase is just a pointless symlink to /var/lib/keybase/mount1 which is itself a pointless symlink to ~/.local/share/keybase/fs for the first user account on the computer that used keybase.

This obviously requires something to perform the symlinking. The keybasehelper user and suid binary manage this to ensure that /keybase remains a symlink to wherever your kbfs mountpoint is truly located. This achieves no goal other than to ensure that people can reference /keybase and the filepath will work everywhere... assuming that by everywhere you mean on single-user systems...


1) it doesn't even really work entirely, and maintaining this legacy symlink is inferior to simply using the correct location.

2) It requires having yet another /etc/passwd entry, and on top of that requires running a suid binary -- which is admittedly not so bad considering that it only runs as a restricted user account. Now instead of a world-writable mountpoint directory in root, there is a symlink in root to a symlink owned by a suid binary that points to a mountpoint.

Since I'm the one who is packaging the community package, I'm the one who gets to say I won't implement this, and people should just join the future and use ~/.local/share/keybase/fs or configure their own mountdir via keybase config. ;)

gdamjan commented on 2018-02-25 17:30

What exactly is "suid-keybasehelper-and-extra-system-user shenanigans"?

setting homedir as / for a uid that doesn't do much, is fine

Eschwartz commented on 2018-02-23 19:22

FWIW I've just updated keybase and added a new kbfs package in [community].

I'm not doing this suid-keybasehelper-and-extra-system-user shenanigans though, so if you use the community packages you'll just have to use ~/.local/share/keybase/fs or set the configuration yourself. ;)

Eschwartz commented on 2018-02-23 17:42

No, they are using systemd-sysusers actually...

oconnor663 commented on 2018-02-23 17:11

@gdamjan thanks for pointing that out. It looks like what other services are doing is setting their users' homedirs to /. Does that sound right to you?

gdamjan commented on 2018-02-23 11:52

sudo /usr/bin/pwck -r

user 'keybasehelper': directory '/home/keybasehelper' does not exist

All comments