Noted. Thanks, Fred. -Andy
On Thu, Nov 3, 2011 at 13:18, Fred Gleason <[email protected]> wrote: > On Nov 3, 2011, at 14:39 13, Andy Sayler wrote: > > > Note that with SETUID and root ownership, rdxport.cgi is (if my Linux > semantics are correct) running as root, not the RD user. This is probably > not what you want, although it is a brute-force solution to your problem > (at the expense of considerable security). > > Actually, this is correct for a default setup. The very first thing > rdxport.cgi does after startup is lookup the proper rivendell user in > rd.conf(5) and then switch to that user (hence shedding root perms). A > slightly more secure way to configure it would be to install it SETUID to > the desired rivendell user, but this means that changing the rivendell user > in rd.conf(5) will mean having to change the ownership of rdxport.cgi as > well. As there is no way when building the software of knowing how the > user will choose to configure the user database, we default to the first > approach so as to provide a system that works "out of the box". > > Cheers! > > > |-------------------------------------------------------------------------| > | Frederick F. Gleason, Jr. | Chief Developer | > | | Paravel Systems | > |-------------------------------------------------------------------------| > | True leadership is the art of changing a group from what it is to what | > | it ought to be. | > | -- Virginia Allan | > |-------------------------------------------------------------------------| > > _______________________________________________ > Rivendell-dev mailing list > [email protected] > http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev >
_______________________________________________ Rivendell-dev mailing list [email protected] http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev
