* Implemented backend daemon drop privileges after initialization to

run as non-privileged user
2019-09-14 18:34:32 +02:00 · 2019-09-14 18:34:32 +02:00 · 27fd99e7cd
commit 27fd99e7cd
parent cacba627b5
61 changed files with 673 additions and 207 deletions
--- a/test/lib.sh
+++ b/test/lib.sh
@ -109,6 +109,14 @@ if [ ! -d $dir ]; then
    mkdir $dir
 fi

+# Some tests may set owner of testdir to something strange and quit, need
+# to reset to me
+if [ ! -G $dir ]; then 
+    u=$(whoami)
+    sudo chown $u $dir
+    sudo chgrp $u $dir
+fi
+
 # If you bring your own backend BE=0 (it is already started),the backend may
 # have created some files (eg unix socket) in $dir and therefore cannot
 # be deleted
--- a/test/test_augment.sh
+++ b/test/test_augment.sh
@ -218,7 +218,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_choice.sh
+++ b/test/test_choice.sh
@ -287,7 +287,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_cli.sh
+++ b/test/test_cli.sh
@ -126,7 +126,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_cli_history.sh
+++ b/test/test_cli_history.sh
@ -118,7 +118,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_cli_multikey.sh
+++ b/test/test_cli_multikey.sh
@ -132,7 +132,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_copy_config.sh
+++ b/test/test_copy_config.sh
@ -163,7 +163,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_feature.sh
+++ b/test/test_feature.sh
@ -191,7 +191,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_identity.sh
+++ b/test/test_identity.sh
@ -316,7 +316,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_leafref.sh
+++ b/test/test_leafref.sh
@ -194,7 +194,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_minmax.sh
+++ b/test/test_minmax.sh
@ -231,7 +231,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_nacm.sh
+++ b/test/test_nacm.sh
@ -188,7 +188,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_nacm_default.sh
+++ b/test/test_nacm_default.sh
@ -153,7 +153,7 @@ EOF
    if [ $BE -ne 0 ]; then     # Bring your own backend
 	new "Kill backend"
 	# Check if premature kill
-	pid=$(pgrep -u $BUSER -f clixon_backend)
+	pid=$(pgrep -u root -f clixon_backend)
 	if [ -z "$pid" ]; then
 	    err "backend already dead"
 	fi
--- a/test/test_nacm_ext.sh
+++ b/test/test_nacm_ext.sh
@ -216,7 +216,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_nacm_module_read.sh
+++ b/test/test_nacm_module_read.sh
@ -279,7 +279,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_nacm_module_write.sh
+++ b/test/test_nacm_module_write.sh
@ -258,7 +258,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_nacm_protocol.sh
+++ b/test/test_nacm_protocol.sh
@ -223,7 +223,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_netconf.sh
+++ b/test/test_netconf.sh
@ -211,7 +211,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_order.sh
+++ b/test/test_order.sh
@ -395,7 +395,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_pattern.sh
+++ b/test/test_pattern.sh
@ -743,7 +743,7 @@ expectfn "$clixon_cli -1f $cfg -l o set c threematch abcg" 255 '^CLI syntax erro
 if [ $BE -ne 0 ]; then
    new "Kill backend"
    # Check if premature kill
-    pid=$(pgrep -u $BUSER -f clixon_backend)
+    pid=$(pgrep -u root -f clixon_backend)
    if [ -z "$pid" ]; then
 	err "backend already dead"
    fi
--- a/test/test_perf.sh
+++ b/test/test_perf.sh
@ -237,7 +237,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_perf_state.sh
+++ b/test/test_perf_state.sh
@ -145,7 +145,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_privileges.sh
+++ b/test/test_privileges.sh
@ -0,0 +1,121 @@
+#!/bin/bash
+# Start clixon backend as root and unprivileged user (clicon)
+# Drop privileges from root to clicon
+# Test could do more:
+# - test file ownership
+# - drop_temp check if you can restore
+
+# Magic line must be first in script (see README.md)
+s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi
+
+APPNAME=example
+
+cfg=$dir/conf_startup.xml
+
+if [ $valgrindtest -ne 0 ]; then
+    return -1 # skip
+fi
+
+# Here $dir is created by the user that runs the script
+
+cat <<EOF > $cfg
+<clixon-config xmlns="http://clicon.org/config">
+  <CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
+  <CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
+  <CLICON_YANG_MODULE_MAIN>clixon-example</CLICON_YANG_MODULE_MAIN>
+  <CLICON_SOCK>$dir/$APPNAME.sock</CLICON_SOCK>
+  <CLICON_BACKEND_PIDFILE>/var/tmp/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
+  <CLICON_XMLDB_DIR>$dir</CLICON_XMLDB_DIR>
+</clixon-config>
+EOF
+
+
+# Create a pre-set running, startup and (extra) config.
+# The configs are identified by an interface called run, startup, extra.
+# Depending on startup mode (init, none, running, or startup)
+# expect different output of an initial get-config of running
+testrun(){
+    startuser=$1
+    beuser=$2
+    expectuser=$3
+    priv_mode=$4
+    expecterr=$5
+
+    # change owner (recursively) of all files in the test dir
+    sudo chown -R $startuser $dir
+
+    # change group (recursively) of all files in the test dir
+    sudo chgrp -R $startuser $dir
+
+    # kill old backend (if any)
+    new "kill old backend"
+    sudo clixon_backend -zf $cfg
+    if [ $? -ne 0 ]; then
+	err 
+    fi
+    # Kill all backends regardless of user or pid files (we mess with them in this test)
+    sudo pkill clixon_backend
+    
+    # start backend as user
+
+    new "start backend -f $cfg -s init -D $DBG -o CLICON_BACKEND_PRIVILEGES=$priv_mode -o CLICON_BACKEND_USER=$beuser"
+    sudo -u $startuser $clixon_backend -f $cfg -s init -D $DBG -o CLICON_BACKEND_PRIVILEGES=$priv_mode -o CLICON_BACKEND_USER=$beuser
+    if [ $? -ne 0 ]; then
+	err 
+    fi
+
+    pid=$(pgrep -f clixon_backend)    
+    if [ $? -ne 0 ]; then
+	if [ $expecterr -eq 1 ]; then
+	    return 0
+	fi
+	err
+    fi
+    new "waiting"
+    wait_backend
+
+    if [ $expecterr -eq 1 ]; then
+	err "Expected error"
+    fi
+    
+    # Get uid now, and compare with expected user
+    u=$(ps -p $pid -uh | awk '{print $1}')
+    if [ $u != $expectuser ]; then
+	err "$expectuser but user is $u"
+    fi
+
+    new "Kill backend"
+    # Check if premature kill
+    pid=$(pgrep -f clixon_backend)
+    if [ -z "$pid" ]; then
+	err "backend already dead"
+    fi
+    # kill backend
+    stop_backend -f $cfg
+} # testrun
+
+new "Start as non-privileged user, expect same"
+testrun $BUSER $BUSER $BUSER none 0
+
+new "Start as privileged user , expect same"
+testrun root root root none 0
+
+new "Start as privileged user, drop privileges permanent"
+testrun root $BUSER $BUSER drop_perm 0
+
+new "Start as privileged user, drop privileges temporary"
+testrun root $BUSER $BUSER drop_temp 0
+
+new "Start as root, drop to root (strange usecase)"
+testrun root root root drop_perm 0
+
+new "Start as root, drop to root (strange usecase)"
+testrun root root root drop_perm 0
+
+new "Start as root, set user but dont drop (expect still root)"
+testrun root $BUSER root none 0
+
+new "Start as non-privileged, try to drop"
+testrun $(whoami) $BUSER $BUSER drop_perm 1
+
+sudo rm -rf $dir
--- a/test/test_restconf.sh
+++ b/test/test_restconf.sh
@ -278,7 +278,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_restconf2.sh
+++ b/test/test_restconf2.sh
@ -200,7 +200,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_restconf_err.sh
+++ b/test/test_restconf_err.sh
@ -116,7 +116,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_restconf_jukebox.sh
+++ b/test/test_restconf_jukebox.sh
@ -261,7 +261,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_restconf_listkey.sh
+++ b/test/test_restconf_listkey.sh
@ -157,7 +157,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_restconf_patch.sh
+++ b/test/test_restconf_patch.sh
@ -209,7 +209,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_restconf_startup.sh
+++ b/test/test_restconf_startup.sh
@ -89,7 +89,7 @@ testrun(){
    if [ $BE -ne 0 ]; then
 	new "Kill backend"
 	# Check if premature kill
-	pid=$(pgrep -u $BUSER -f clixon_backend)
+	pid=$(pgrep -u root -f clixon_backend)
 	if [ -z "$pid" ]; then
 	    err "backend already dead"
 	fi
@ -108,7 +108,7 @@ new "Check running and startup exists and are same"
 if [ ! -f $dir/startup_db ]; then
    err "startup should exist but does not"
 fi
-echo "diff $dir/startup_db $dir/running_db"
+
 d=$(sudo diff $dir/startup_db $dir/running_db)
 if [ -n "$d" ]; then
    err "running and startup should be equal" "$d"
@ -117,14 +117,12 @@ fi
 # clear startup
 sudo rm -f $dir/startup_db; 

-new "Run without startup option, check running is copied"
+new "Run without startup option, check running is not copied"
 testrun ""

 new "Check startup is empty"
-if [ ! -f $dir/startup_db ]; then
-    err "startup does not exist"
-fi
-if [ -s $dir/startup_db ]; then
-    err "startup is not empty"
+if [ -f $dir/startup_db ]; then
+    err "startup should not exist"
 fi
+
 rm -rf $dir
--- a/test/test_rpc.sh
+++ b/test/test_rpc.sh
@ -164,7 +164,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_startup.sh
+++ b/test/test_startup.sh
@ -102,7 +102,7 @@ testrun(){
    
    new "Kill backend"
    # Check if premature kill
-    pid=$(pgrep -u $BUSER -f clixon_backend)
+    pid=$(pgrep -u root -f clixon_backend)
    if [ -z "$pid" ]; then
 	err "backend already dead"
    fi
--- a/test/test_stream.sh
+++ b/test/test_stream.sh
@ -291,7 +291,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_submodule.sh
+++ b/test/test_submodule.sh
@ -224,7 +224,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_transaction.sh
+++ b/test/test_transaction.sh
@ -311,7 +311,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_type.sh
+++ b/test/test_type.sh
@ -628,7 +628,7 @@ EOF
    if [ $BE -ne 0 ]; then
 	new "Kill backend"
 	# Check if premature kill
-	pid=$(pgrep -u $BUSER -f clixon_backend)
+	pid=$(pgrep -u root -f clixon_backend)
 	if [ -z "$pid" ]; then
 	    err "backend already dead"
 	fi
--- a/test/test_type_range.sh
+++ b/test/test_type_range.sh
@ -306,7 +306,7 @@ testrange string "012" "01234567890" ""
 if [ $BE -ne 0 ]; then
    new "Kill backend"
    # Check if premature kill
-    pid=$(pgrep -u $BUSER -f clixon_backend)
+    pid=$(pgrep -u root -f clixon_backend)
    if [ -z "$pid" ]; then
 	err "backend already dead"
    fi
--- a/test/test_union.sh
+++ b/test/test_union.sh
@ -107,7 +107,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_unique.sh
+++ b/test/test_unique.sh
@ -216,7 +216,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_upgrade.sh
+++ b/test/test_upgrade.sh
@ -283,7 +283,7 @@ runtest(){
    if [ $BE -ne 0 ]; then
 	new "Kill backend"
 	# Check if premature kill
-	pid=$(pgrep -u $BUSER -f clixon_backend)
+	pid=$(pgrep -u root -f clixon_backend)
 	if [ -z "$pid" ]; then
 	    err "backend already dead"
 	fi
--- a/test/test_upgrade_auto.sh
+++ b/test/test_upgrade_auto.sh
@ -274,7 +274,7 @@ stop_restconf
 if [ $BE -ne 0 ]; then
    new "Kill backend"
    # Check if premature kill
-    pid=$(pgrep -u $BUSER -f clixon_backend)
+    pid=$(pgrep -u root -f clixon_backend)
    if [ -z "$pid" ]; then
 	err "backend already dead"
    fi
--- a/test/test_upgrade_interfaces.sh
+++ b/test/test_upgrade_interfaces.sh
@ -285,7 +285,7 @@ testrun(){
    if [ $BE -ne 0 ]; then
 	new "Kill backend"
 	# Check if premature kill
-	pid=$(pgrep -u $BUSER -f clixon_backend)
+	pid=$(pgrep -u root -f clixon_backend)
 	if [ -z "$pid" ]; then
 	    err "backend already dead"
 	fi
--- a/test/test_upgrade_repair.sh
+++ b/test/test_upgrade_repair.sh
@ -151,7 +151,7 @@ stop_restconf
 if [ $BE -ne 0 ]; then
    new "Kill backend"
    # Check if premature kill
-    pid=$(pgrep -u $BUSER -f clixon_backend)
+    pid=$(pgrep -u root -f clixon_backend)
    if [ -z "$pid" ]; then
 	err "backend already dead"
    fi
--- a/test/test_when_must.sh
+++ b/test/test_when_must.sh
@ -147,7 +147,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_with_default.sh
+++ b/test/test_with_default.sh
@ -112,7 +112,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_yang.sh
+++ b/test/test_yang.sh
@ -286,7 +286,7 @@ fi

 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi
--- a/test/test_yang_extension.sh
+++ b/test/test_yang_extension.sh
@ -114,7 +114,7 @@ expecteof "$clixon_netconf -qf $cfg -D $DBG" 0 "<rpc><get-config><source><candid
 if [ $BE -ne 0 ]; then
    new "Kill backend"
    # Check if premature kill
-    pid=$(pgrep -u $BUSER -f clixon_backend)
+    pid=$(pgrep -u root -f clixon_backend)
    if [ -z "$pid" ]; then
 	err "backend already dead"
    fi
--- a/test/test_yang_load.sh
+++ b/test/test_yang_load.sh
@ -100,7 +100,7 @@ expecteof "$clixon_netconf -qf $cfg" 0 '<rpc><edit-config><target><candidate/></
 if [ $BE -ne 0 ]; then
    new "Kill backend"
    # Check if premature kill
-    pid=$(pgrep -u $BUSER -f clixon_backend)
+    pid=$(pgrep -u root -f clixon_backend)
    if [ -z "$pid" ]; then
 	err "backend already dead"
    fi
@ -149,7 +149,7 @@ expecteof "$clixon_netconf -qf $cfg" 0 '<rpc><edit-config><target><candidate/></
 if [ $BE -ne 0 ]; then
    new "Kill backend"
    # Check if premature kill
-    pid=$(pgrep -u $BUSER -f clixon_backend)
+    pid=$(pgrep -u root -f clixon_backend)
    if [ -z "$pid" ]; then
 	err "backend already dead"
    fi
@ -193,7 +193,7 @@ expecteof "$clixon_netconf -qf $cfg" 0 '<rpc><edit-config><target><candidate/></
 if [ $BE -ne 0 ]; then
    new "Kill backend"
    # Check if premature kill
-    pid=$(pgrep -u $BUSER -f clixon_backend)
+    pid=$(pgrep -u root -f clixon_backend)
    if [ -z "$pid" ]; then
 	err "backend already dead"
    fi
@ -237,7 +237,7 @@ expecteof "$clixon_netconf -qf $cfg" 0 '<rpc><edit-config><target><candidate/></
 if [ $BE -ne 0 ]; then
    new "Kill backend"
    # Check if premature kill
-    pid=$(pgrep -u $BUSER -f clixon_backend)
+    pid=$(pgrep -u root -f clixon_backend)
    if [ -z "$pid" ]; then
 	err "backend already dead"
    fi
@ -281,7 +281,7 @@ expecteof "$clixon_netconf -qf $cfg" 0 '<rpc><edit-config><target><candidate/></
 if [ $BE -ne 0 ]; then
    new "Kill backend"
    # Check if premature kill
-    pid=$(pgrep -u $BUSER -f clixon_backend)
+    pid=$(pgrep -u root -f clixon_backend)
    if [ -z "$pid" ]; then
 	err "backend already dead"
    fi
@ -326,7 +326,7 @@ expecteof "$clixon_netconf -qf $cfg" 0 '<rpc><edit-config><target><candidate/></
 if [ $BE -ne 0 ]; then
    new "Kill backend"
    # Check if premature kill
-    pid=$(pgrep -u $BUSER -f clixon_backend)
+    pid=$(pgrep -u root -f clixon_backend)
    if [ -z "$pid" ]; then
 	err "backend already dead"
    fi
@ -372,7 +372,7 @@ expecteof "$clixon_netconf -qf $cfg" 0 '<rpc><edit-config><target><candidate/></
 if [ $BE -ne 0 ]; then
    new "Kill backend"
    # Check if premature kill
-    pid=$(pgrep -u $BUSER -f clixon_backend)
+    pid=$(pgrep -u root -f clixon_backend)
    if [ -z "$pid" ]; then
 	err "backend already dead"
    fi
@ -418,7 +418,7 @@ expecteof "$clixon_netconf -qf $cfg" 0 '<rpc><edit-config><target><candidate/></
 if [ $BE -ne 0 ]; then
    new "Kill backend"
    # Check if premature kill
-    pid=$(pgrep -u $BUSER -f clixon_backend)
+    pid=$(pgrep -u root -f clixon_backend)
    if [ -z "$pid" ]; then
 	err "backend already dead"
    fi
--- a/test/test_yang_namespace.sh
+++ b/test/test_yang_namespace.sh
@ -137,7 +137,7 @@ if [ $BE -eq 0 ]; then
 fi
 new "Kill backend"
 # Check if premature kill
-pid=$(pgrep -u $BUSER -f clixon_backend)
+pid=$(pgrep -u root -f clixon_backend)
 if [ -z "$pid" ]; then
    err "backend already dead"
 fi