Hi everybody,
I have a question on how you manage Linux users related to Rivendell.
My setup is Debian 7, with Rivendell 2.5.1 installed from Tryphon
repositories.
Like most of you usually do, I created a specific Linux account for
Rivendell, 'rivendell' indeed. From a theoretical point of view, as Fred
always said, this user should be responsible for all Rivendell activities
and no human account could use it. It must be reported in /etc/rd.conf and
it should be the owner of /var/snd (mod/own is 0775 rivendell:rivendell).
I also have a /home/rivendell folder where scripts, reports or db-backups
will be saved.
My goal now is that Debian automatically logs in as 'guest', a completely
unprivileged Linux user. It doesn't belong to the 'rivendell' group, and
therefore it isn't able to edit /var/snd.
For those who use Tryphon init scripts.
/etc/default/rivendell -> all commented, does nothing (I want to use PAM)
/etc/init.d/rivendell ->
....
if [ ! -d $PIDDIR ]; then
    install --directory --mode 04775 --owner=rivendell --group=rivendell /var/run/rivendell
fi
....
This creates the folder /var/run/rivendell (it works!) with mod/own 775
rivendell:rivendell as desired.
Then it checks if I want to use PAM or INIT by reading /etc/default/rivendell.
As I said, it's all commented, so it exits and does nothing (still no pid
files/daemons are up).
Now the interesting part. When I run an RD application from the desktop (user
'guest') it tries to write its 3 pids in /var/run/rivendell (created with
the ownership of rivendell) and it fails. But:
1) If I chmod 777 /var/run/rivendell it creates daemons -> but under owner
'guest', which is bad!
2) I need to do:
su rivendell (enter)
psw (enter)
caed (enter)
ripcd (enter)
rdcatchd (enter)
Now I can launch RD application with 'guest' user and it works...
Is this behaviour correct? Would it be more correct that each RD application
could write 3 pid files under the ownership of 'rivendell'?
How do you manage user permissions and startup daemons?
Thank you
Alessio
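
An added example, not part of the original post and not code from Rivendell or the Tryphon packages: a small POSIX shell audit for the two conditions the message describes, a world-writable /var/run/rivendell and daemons running under an account other than 'rivendell'. The function names are hypothetical; the account, directory and daemon names are the ones given in the post.

```shell
#!/bin/sh
# Added example (not from the post or the Rivendell/Tryphon packages).
# Names taken from the post: account 'rivendell', /var/run/rivendell,
# daemons caed, ripcd, rdcatchd. Function names are hypothetical.

# check_piddir DIR OWNER
# Succeeds only if DIR exists, is owned by OWNER and is not world-writable.
check_piddir() {
    dir=$1; want=$2; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir does not exist"; return 2; }
    owner=$(ls -ld "$dir" | awk '{print $3}')
    if [ "$owner" != "$want" ]; then
        echo "FAIL: $dir is owned by $owner, expected $want"; rc=1
    fi
    # -perm -0002 matches when the "other" write bit is set (e.g. chmod 777)
    if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
        echo "FAIL: $dir is world-writable, any local user can drop pid files"; rc=1
    fi
    return $rc
}

# check_daemon_owner NAME OWNER
# Fails if a running process called NAME belongs to a UID other than OWNER's.
# UIDs are compared because ps may truncate long user names.
check_daemon_owner() {
    name=$1; want_uid=$(id -u "$2") || return 2
    bad=$(ps -eo uid=,comm= | awk -v n="$name" -v u="$want_uid" \
        '$2 == n && $1 != u {print $1}' | sort -u | tr '\n' ' ')
    [ -z "$bad" ] || { echo "FAIL: $name runs under UID(s): $bad"; return 1; }
}

# audit_rivendell [PIDDIR] [OWNER]
# Runs every check and returns non-zero if any of them failed.
audit_rivendell() {
    piddir=${1:-/var/run/rivendell}; acct=${2:-rivendell}; failed=0
    check_piddir "$piddir" "$acct" || failed=1
    for d in caed ripcd rdcatchd; do
        check_daemon_owner "$d" "$acct" || failed=1
    done
    return $failed
}
```

Calling `audit_rivendell` with no arguments checks the directory and account named in the post; a non-zero return means the pid directory is missing, mis-owned or world-writable, or one of the three daemons is running under another account.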