Hello, I want to hash this out here, before I report and waste anyone's time. What is the procedure for reporting bugs?
1) Set permissions sudo chown -R _assp:_assp ~/Desktop/ASSP 2) Confirm permissions -rwxr-xr-x@ 1 _assp _assp 1753 Jun 26 2005 addservice.pl -rwxrwxr-x@ 1 _assp _assp 13225 Nov 6 23:51 assp.cfg.defaults -rw-r--r--@ 1 _assp _assp 850312 Dec 10 14:21 assp.pl drwxr-xr-x@ 5 _assp _assp 170 Oct 10 2007 docs drwxr-xr-x@ 8 _assp _assp 272 Nov 16 02:06 files drwxr-xr-x@ 19 _assp _assp 646 Oct 18 10:18 images drwxr-xr-x@ 2 _assp _assp 68 May 4 2007 logs -rw-rw---- 1 _assp _assp 16124 Nov 1 04:28 mod_inst.pl -rwxr-xr-x@ 1 _assp _assp 1416 Jun 26 2005 move2num.pl drwxrwxrwx@ 7 _assp _assp 238 Nov 1 04:31 notes drwxr-xr-x@ 6 _assp _assp 204 Jul 2 2007 rc -rw-r--r--@ 1 _assp _assp 40138 Dec 14 07:37 rebuildspamdb.pl -rwxr-xr-x@ 1 _assp _assp 924 Mar 2 2007 repair.pl drwxr-xr-x@ 11 _assp _assp 374 Feb 6 2008 reports -rwxr-xr-x@ 1 _assp _assp 2556 Oct 10 2007 stat.pl -rwxr-xr-x@ 1 _assp _assp 5286 Dec 31 2004 stats.sh 3) Edit and make copy of assp.cfg with new user and group grep '_assp' assp.cfg runAsUser:=_assp runAsGroup:=_assp 4) Run ASSP sudo perl assp.pl 5) Check permissions for all being _assp ls -la | grep root -rw-rw-rw- 1 root _assp 13048 Feb 27 20:58 assp.cfg -rwxr-xr-x@ 1 root _assp 13235 Feb 27 20:56 assp.cfg.bak I can not seem to keep the config file from being root owned. This concerns me, especially since the permissions on most of the files are defaulting to +x. Here is a sample test case that should show what I think is a danger, but I could be wrong. I just saved "#!/bin/bash touch ~/assp-made-this-file; exit;" into any of the input fields in the web admin, it was saved into the cfg file. At some point, it was rolled into a .bak file, which had execute bits set. All that it took was then to ./assp.cfg.bak Results: -rw-r--r-- 1 me staff 0 Feb 27 21:01 assp-made-this-file I do not know too much about this, and have not played with it much to solve it. Maybe I can just -x all but the assp.pl file, but I do not know the repercussions of that. Can someone tell me what all the permissions should be? With that, it would help, but I can not solve why assp is rooting the config files to begin with. Thanks, if someone else can test these findings, and confirm, I would appreciate it. -- Scott * If you contact me off list replace talklists@ with scott@ * ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
