On Tue, 5 Feb 2019, Fred Gleason wrote:
> The 'Run Shell Command' ['RN'] RML has been part of Rivendell from the early days of the project (it first appeared in v0.9.17, released on 1/10/2005). Its use at first glance appears straightforward: run the specified command-line invocation. However, in actual practice, it has proven to be one of the more fussy and difficult RMLs to make work, mostly because of the rather byzantine way in which Rivendell processes it: send a message to the background Rivendell service (ripcd(8) to be precise), which then handles the actual execution. In order to avoid privilege escalation attacks, ripcd(8) actually executes the command as the user/group specified in the 'AudioOwner=' and 'AudioGroup=' directives in the '[Identity]' section of '/etc/rd.conf'. This has proven in many [most?] cases to be confusing, counter-intuitive and generally not what the user wants.
I've built a number of Rivendell machines that rely on RN commands for a variety of different things, and very quickly decided that "AudioOwner" and "AudioGroup" should be set to the logged-in user ("scott", in my case) rather than a system user "rivendell".
In most cases, this resolves the permissions problems I otherwise encounter, and makes it easier to verify that everything will work as it should.
> What are some ways we could improve this RML? One that has occurred to me is to have it run the command as the local user who actually invoked the RML. For example, if a user is logged in to a host as 'rd' (Linux user, *not* Rivendell user!), run the requested Linux command as user 'rd'.
I have found that Perl scripts will not run directly from an RN command; I have to run a bash script that invokes the Perl script.
> This would have a big advantage over the current implementation in that it does seem to be what most users intuitively expect to happen. However, it comes with an awkward corner case: remote execution. What, for example, would we do with an RML invocation like this:
>
> CC some-remote-host RN /some/dangerous/operation!
This is the first time I've heard of a CC command. I've always done remote invocations by using rmlsend from a bash script.
One Boston-area client has a Rivendell system that sends commands to another Rivendell system at a co-owned station on Cape Cod. For him, I had to write "rmlserver" and "rmlclient" scripts to encapsulate the UDP packets as TCP so I could send them through an ssh tunnel.
Rob

_______________________________________________
Rivendell-dev mailing list
Rivendell-dev@lists.rivendellaudio.org
http://caspian.paravelsystems.com/mailman/listinfo/rivendell-dev
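The identity handling discussed in the thread, as an added illustration that is not code from Rivendell or from either poster: a minimal model of the decision ripcd(8) makes for an RN RML, reading AudioOwner/AudioGroup from a constructed [Identity] section, running a local invocation as the invoking Linux user (Fred's proposal) and falling back to AudioOwner/AudioGroup for a CC-forwarded invocation, where the receiving host has no idea who was logged in on the sender. The 'RN cmd!' / 'CC host RN cmd!' shapes, the fallback policy and all function names are assumptions made for the example.

```python
import configparser
import grp
import pwd
import subprocess

# Constructed sample of the [Identity] section of /etc/rd.conf (not a real file).
SAMPLE_RD_CONF = """\
[Identity]
AudioOwner=rivendell
AudioGroup=rivendell
"""


def audio_identity(conf_text):
    """Return the (AudioOwner, AudioGroup) pair from the [Identity] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    ident = cp["Identity"]
    return ident["AudioOwner"], ident["AudioGroup"]


def parse_rml(rml):
    """Split 'RN cmd!' or 'CC host RN cmd!' into (host_or_None, cmd).
    Hypothetical simplification of the real RML grammar, shaped after the
    two forms shown in the thread."""
    body = rml.strip()
    if not body.endswith("!"):
        raise ValueError("RML must end with '!'")
    body, host = body[:-1], None
    if body.startswith("CC "):
        _, host, body = body.split(" ", 2)
    if not body.startswith("RN "):
        raise ValueError("only RN (Run Shell Command) is handled here")
    return host, body[3:]


def run_rn(rml, conf_text, invoking_user=None, dry_run=False):
    """Decide which Linux identity runs the RN command, then run it.
    Local invocations may run as the invoking user; a CC-forwarded one is
    modelled from the receiving side, which only knows AudioOwner/AudioGroup."""
    host, command = parse_rml(rml)
    owner, group = audio_identity(conf_text)
    if host is None and invoking_user:
        owner, group = invoking_user, None  # None: use the user's login group
    if dry_run:
        return owner, group, command
    pw = pwd.getpwnam(owner)
    gid = grp.getgrnam(group).gr_gid if group else pw.pw_gid
    # The RML author controls the command string, which is exactly why the
    # identity it runs under matters. Switching uid/gid requires root.
    return subprocess.run(command, shell=True, user=pw.pw_uid, group=gid).returncode
```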