The latest version in the CVS checks for creating this directory and tells the user to update its ownership. We can't go much further in the GENERAL situation, as we don't know what userid ntop will run under. We suggest ntop, but that's just a suggestion.

The semi-official RPMs posted at SourceForge go further, because in the script, we create the ntop userid and so we're probably justified in making that assumption. That script is always created AFTER the release, so I haven't begun to touch it.

Actually, your basic idea IS the most secure way. Nothing needs to be readable by ANYONE other than the ntop userid except the script files, which are run as root.

  $ chown -R ntop:nobody /usr/share/ntop
  $ chmod -R 0600 ntop

is probably overkill, but might work. I would have to test it.

The .db files need to be r/w (the ntop_pw.db is the sensitive one), and the files in the rrd subdirectory are created and updated on the fly. All the rest could be read only.

This should probably be an FAQ entry too, once we figure it out. If somebody wants to take a stab at it and let me know, that would be appreciated.

-----Burton

> -----Original Message-----
> From: pc [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 26, 2003 9:07 PM
> To: [EMAIL PROTECTED]
> Subject: Issues w/ ntop 2.2.93

<snip/>

> installed file ownership errors
>
> All files install as user root. Many of the files and directory
> structures need to be the ntop user in order for the process to run
> properly. The documentation is not real clear on which files and
> directories specifically need to be owned by the ntop user. In the
> past I have gone through things and made most everything that I could
> find associated with ntop the ntop user, but I suspect that this is
> probably not the best situation from a security perspective. Possibly
> a post configuration script would be best.
>

_______________________________________________
Ntop-dev mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
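A sketch of the post-configuration script discussed in this thread, added here as an example and not taken from ntop or its RPM script: it applies the split described in the reply (the .db files and everything under rrd read/write for the owner, all other files read-only, nothing for group or other) and then audits the result. Assumptions: the function names are hypothetical, directories get 0700 so the owner can still traverse and create files in them, the tree holds no root-run scripts, and the chown step runs only when an owner is passed because it needs root.

```shell
#!/bin/sh
# Added example (not ntop project code). Function names are hypothetical.

# harden_ntop_tree DIR [OWNER:GROUP]
# Apply owner-only permissions to an ntop data tree.
harden_ntop_tree() {
    dir=$1
    owner=${2:-}   # e.g. ntop:nobody; skipped when empty (chown needs root)
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dir" || return 1
    fi
    # Assumption: directories need the owner's x bit to stay traversable,
    # and the w bit so ntop can create .db and rrd files on the fly.
    find "$dir" -type d -exec chmod 0700 {} +
    # Default for regular files: read-only, owner only.
    find "$dir" -type f -exec chmod 0400 {} +
    # The .db files (ntop_pw.db is the sensitive one) must be read/write.
    find "$dir" -type f -name '*.db' -exec chmod 0600 {} +
    # Files under rrd/ are created and updated while ntop runs.
    if [ -d "$dir/rrd" ]; then
        find "$dir/rrd" -type f -exec chmod 0600 {} +
    fi
}

# audit_ntop_tree DIR
# Print every path that still grants any access to group or other.
# No output means only the owner can read, write or traverse the tree.
audit_ntop_tree() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}
```

Run as root, `harden_ntop_tree /usr/share/ntop ntop:nobody` followed by `audit_ntop_tree /usr/share/ntop` should print nothing; the path and owner are the ones used in the reply above.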
