Fred, an alternate possibility...
On Tue, Feb 5, 2019 at 10:34 AM Fred Gleason <[email protected]> wrote: > The 'Run Shell Command' ['RN'] RML has been part of Rivendell from the > snip > In order to avoid > privilege escalation attacks, ripcd(8) actually executes the command as > the user/group specified in the 'AudioOwner=' and 'AudioGroup=' > directives in the '[Identity]' section of '/etc/rd.conf'. This has > proven in many [most?] cases to be confusing, counter-intuitive and > generally not what the user wants. > > What are some ways we could improve this RML? > Make an easy way for testing how things run when rivendell gets to running it. Could we use a little script (or would we need something more?) that does an su to 'AudioOwner' (and group?) and sets up the environment to be what it is when riv runs the RML, then run the command and then put things back to "normal..." This could be put in the /etc/sudoers.d directory so that the normal rd user does not need a password to run it. Bonus points if it is possible to run this in some sort of test mode that will report back on what it would have done without doing it. Does this make any sense at all. > > |---------------------------------------------------------------------| > | Frederick F. Gleason, Jr. | Chief Developer | > | | Paravel Systems | > |---------------------------------------------------------------------| > all the best, drew -- Enjoy the *Paradise Island Cam* playing *Bahamian Or Nuttin* - https://www.paradiseislandcam.com/
_______________________________________________ Rivendell-dev mailing list [email protected] http://caspian.paravelsystems.com/mailman/listinfo/rivendell-dev
