Le 21/08/2018 à 17:55, Fred Gleason a écrit :
On Aug 20, 2018, at 17:14, le père Léon <news.l...@free.fr
<mailto:news.l...@free.fr>> wrote:
I must say that the sound test file - created when launching rdadmin
and the Rivendell database does not exist- is created only when my
user is in rivendell group and /var/snd is g+w (or when I launch
rdadmin as the superuser).
Which implies that the permissions in ‘/var/snd’ are in fact correct.
This smells like a problem with Apache. Is this a SystemD setup? If so,
it might be worth trying starting httpd by hand, rather than using the
SystemD service unit file. The developers of SystemD have rather a habit
of unilaterally deciding that certain actions are ‘insecure’ and then
(silently) preventing service processes from performing them.
Debian 8 (and following) are systemD.
I don't feel rewriting my own init script for Apache, but running Apache
as root would probably help.
I also think about security reasons, as I can hardly imagine how the web
server running as www-data: user could get root permissions to setuid a
file to any user. (oh yes.. the cgi has rws user rights..)
Having /var/snd owned by www-data could be a solution, acl also could help.
It seems that rdxport.cgi should stop if it does not get the required
uid and gid, but I have no logs about it.
Is there any way for tracing the cgi script ?
--
Léon.
_______________________________________________
Rivendell-dev mailing list
Rivendell-dev@lists.rivendellaudio.org
http://caspian.paravelsystems.com/mailman/listinfo/rivendell-dev
