Send Motion-user mailing list submissions to
motion-user@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/motion-user
or, via email, send a message with subject or body 'help' to
motion-user-requ...@lists.sourceforge.net
You can reach the person managing the list at
motion-user-ow...@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Motion-user digest..."
Today's Topics:
1. Permissions required for SSL .key for Motion (John Fry)
2. Re: Permissions required for SSL .key for Motion (John Fry)
----------------------------------------------------------------------
Message: 1
Date: Tue, 14 May 2019 10:37:12 +0000
From: John Fry <fry_...@hotmail.com>
To: "motion-user@lists.sourceforge.net"
<motion-user@lists.sourceforge.net>
Subject: [Motion-user] Permissions required for SSL .key for Motion
Message-ID:
<am6pr02mb44569265189db77370a15931ce...@am6pr02mb4456.eurprd02.prod.outlook.com>
Content-Type: text/plain; charset="iso-8859-1"
Hi,
I'm running release-4.2.2/pi_stretch_motion_4.2.2-1_armhf.deb on my RPI 3B+
with the RPI stock v2 camera.
@MrDave - I followed your video online to get SSL working with Motion.
However, when I create my self-signed cert and link to this in the motion.conf,
I get the following error in the motion.log: webu_mhd_checktls: SSL/TLS
requested but no key file provided. SSL/TLS disabled
I thought this might be a permissions problem, as I assumed that the motion
service didn't have the required rights to the .key. So I changed the
permissions on the .key to 777, restarted the motion service "sudo service
motion restart" and hey presto - it's all working.
I know that 777 is a bad idea and need to change the permission, but not sure
what to? I noticed that during the motion install a "motion" user was created.
So perhaps I just need to change the user or group owner and leave the key
permissions as 600? (I've set it back to 600 for the moment).
I'm very new to linux, so please excuse my ignorance.
I'm currently searching to see if I can find out if the motion service / daemon
runs under the context of a particular account, as I assume I would just grant
that account the ownership and required rights to the .key.
Thanks in advance,
J
-------------- next part --------------
An HTML attachment was scrubbed...
------------------------------
Message: 2
Date: Tue, 14 May 2019 11:36:27 +0000
From: John Fry <fry_...@hotmail.com>
To: "motion-user@lists.sourceforge.net"
<motion-user@lists.sourceforge.net>
Subject: Re: [Motion-user] Permissions required for SSL .key for
Motion
Message-ID:
<am6pr02mb44560b1d504d3a6b8adb5c74ce...@am6pr02mb4456.eurprd02.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"
Resolved:
ps aux showed motion running under the context of the motion user.
Therefore set the motion user as the owner to the SSL .key file, using chown...
SSL is now working ?
Thank for your great work on the updates to Motion ?
________________________________
From: John Fry <fry_...@hotmail.com>
Sent: 14 May 2019 11:37
To: motion-user@lists.sourceforge.net
Subject: [Motion-user] Permissions required for SSL .key for Motion
Hi,
I'm running release-4.2.2/pi_stretch_motion_4.2.2-1_armhf.deb on my RPI 3B+
with the RPI stock v2 camera.
@MrDave - I followed your video online to get SSL working with Motion.
However, when I create my self-signed cert and link to this in the motion.conf,
I get the following error in the motion.log: webu_mhd_checktls: SSL/TLS
requested but no key file provided. SSL/TLS disabled
I thought this might be a permissions problem, as I assumed that the motion
service didn't have the required rights to the .key. So I changed the
permissions on the .key to 777, restarted the motion service "sudo service
motion restart" and hey presto - it's all working.
I know that 777 is a bad idea and need to change the permission, but not sure
what to? I noticed that during the motion install a "motion" user was created.
So perhaps I just need to change the user or group owner and leave the key
permissions as 600? (I've set it back to 600 for the moment).
I'm very new to linux, so please excuse my ignorance.
I'm currently searching to see if I can find out if the motion service / daemon
runs under the context of a particular account, as I assume I would just grant
that account the ownership and required rights to the .key.
Thanks in advance,
J
-------------- next part --------------
An HTML attachment was scrubbed...
------------------------------
------------------------------
Subject: Digest Footer
_______________________________________________
Motion-user mailing list
Motion-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/motion-user
------------------------------
End of Motion-user Digest, Vol 155, Issue 7
*******************************************
