Package: motion Version: 3.1.19-1 Severity: wishlist In order to run motion securely it should not be run as root. To help Debian users to do this in a consistent way it would be useful if the motion package would do something like:
Create a motion user - e.g. adduser --system --no-create-home motion Have a motion init script to start and stop it, which would run it as the motion user. Have a note in README.Debian to say that the motion user must be able to write to the target_dir, which is probably best done (if it is a dedicated directory) by making it owned by the motion user. Have a note in README.Debian to say that the motion user must have access to the videodevice - either by making them own it, or by adding them to the video group. Note that while it would be possible to do fancy management of motion.conf via debconf, and checking for permissions of the files this might get complex if the motion program is updated in a major way, but running as its own user, and having some kind of simple startup script will always be a good idea. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.27 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages motion depends on: ii debconf 1.4.58 Debian configuration management sy ii liba52-0.7.4 0.7.4-1 Library for decoding ATSC A/52 str ii libc6 2.3.5-6 GNU C Library: Shared libraries an ii libjpeg62 6b-10 The Independent JPEG Group's JPEG ii libmysqlclient10 3.23.56-3 LGPL-licensed client library for M ii libpq3 1:7.4.8-17 PostgreSQL C client library ii libvorbis0a 1.1.0-1 The Vorbis General Audio Compressi ii libvorbisenc2 1.1.0-1 The Vorbis General Audio Compressi ii libwww-ssl0 [libwww0] 5.4.0-9 The W3C-WWW library (SSL support) ii libxmlrpc-c3 0.9.10-4 A lightweight RPC library based on ii zlib1g 1:1.2.3-4 compression library - runtime Versions of packages motion recommends: pn ffmpeg <none> (no description available) -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
