On Tue, 5 Feb 2019, Fred Gleason wrote:

> The 'Run Shell Command' ['RN'] RML has been part of Rivendell from the
> early days of the project (it first appeared in v0.9.17, released on
> 1/10/2005). Its use at first glance appears straightforward: run the
> specified command-line invocation. However, in actual practice, it has
> proven to be one of the more fussy and difficult RMLs to make work,
> mostly because of the rather byzantine way in which Rivendell processes
> it: send a message to the background Rivendell service (ripcd(8) to be
> precise), which then handles the actual execution. In order to avoid
> privilege escalation attacks, ripcd(8) actually executes the command as
> the user/group specified in the 'AudioOwner=' and 'AudioGroup='
> directives in the '[Identity]' section of '/etc/rd.conf'. This has
> proven in many [most?] cases to be confusing, counter-intuitive and
> generally not what the user wants.

I've built a number of Rivendell machines that rely on RN commands for a variety of different things, and very quickly decided that "AudioOwner" and "AudioGroup" should be set to the logged-in user ("scott", in my case) rather than a system user "rivendell".

In most cases, this resolves the permissions problems I otherwise encounter, and makes it easier to verify that everything will work as it should.

> What are some ways we could improve this RML? One that has occurred to
> me is to have it run the command as the local user who actually invoked
> the RML. For example, if a user is logged in to a host as 'rd' (Linux
> user, *not* Rivendell user!), run the requested Linux command as user
> 'rd'.

I have found that Perl scripts will not run directly from an RN command; I have to run a bash script that invokes the Perl script.

> This would have a big advantage over the current implementation in that
> it does seem to be what most users intuitively expect to happen.
> However, it comes with an awkward corner case: remote execution. What,
> for example, would we do with an RML invocation like this:
>
>         CC some-remote-host RN /some/dangerous/operation!

This is the first time I've heard of a CC command. I've always done remote invocations by using rmlsend from a bash script.

One Boston-area client has a Rivendell system that sends commands to another Rivendell system at a co-owned station on Cape Cod. For him, I had to write "rmlserver" and "rmlclient" scripts to encapsulate the UDP packets as TCP so I could send them through an ssh tunnel.


Rob
_______________________________________________
Rivendell-dev mailing list
Rivendell-dev@lists.rivendellaudio.org
http://caspian.paravelsystems.com/mailman/listinfo/rivendell-dev
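The mechanism Fred describes (ripcd(8) reading 'AudioOwner=' and 'AudioGroup=' from the '[Identity]' section of '/etc/rd.conf' and executing the RN command under that identity) is easy to get wrong in one's own tooling. The following is an added illustration written for this thread, not Rivendell's own code: it parses a constructed rd.conf fragment, resolves the identity, and drops privileges (supplementary groups, then gid, then uid, in that order) before running the shell command. The minimal environment it hands the child and the 'build_invocation' / 'run_rn' names are assumptions of this example; the real ripcd may set up the child differently.

```python
"""Added example, not part of Rivendell: run a shell command as the
[Identity] AudioOwner/AudioGroup from rd.conf, the way ripcd(8) is
described as doing for the RN RML."""
import configparser
import grp
import os
import pwd
import subprocess
from typing import Dict, List, Tuple

# Constructed sample of the [Identity] section of /etc/rd.conf.
SAMPLE_RD_CONF = """\
[Identity]
AudioOwner=rivendell
AudioGroup=rivendell
"""


def parse_identity(conf_text: str) -> Tuple[str, str]:
    """Return (AudioOwner, AudioGroup) from the [Identity] section.

    Raises KeyError with a clear message if the section or a key is
    missing, rather than silently falling back to root.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    if "Identity" not in cp:
        raise KeyError("rd.conf has no [Identity] section")
    ident = cp["Identity"]
    for key in ("AudioOwner", "AudioGroup"):
        if key not in ident:
            raise KeyError(f"[Identity] is missing {key}=")
    return ident["AudioOwner"], ident["AudioGroup"]


def resolve_ids(owner: str, group: str) -> Tuple[int, int, List[int], str]:
    """Look up uid, primary gid, supplementary gids and home directory."""
    pw = pwd.getpwnam(owner)
    gr = grp.getgrnam(group)
    # Supplementary groups the user belongs to (e.g. 'audio'); without
    # these the child loses device access even though the user has it.
    supp = [g.gr_gid for g in grp.getgrall() if owner in g.gr_mem]
    if gr.gr_gid not in supp:
        supp.append(gr.gr_gid)
    return pw.pw_uid, gr.gr_gid, supp, pw.pw_dir


def make_demoter(uid: int, gid: int, supp: List[int]):
    """Build the preexec_fn that drops privileges in the child.

    Order matters: setgroups() and setgid() need root, so they must run
    before setuid() gives it up.
    """
    def demote() -> None:
        os.setgroups(supp)
        os.setgid(gid)
        os.setuid(uid)
    return demote


def build_invocation(command: str, owner: str, home: str) -> Tuple[List[str], Dict[str, str]]:
    """Argv and a deliberately minimal environment for the child.

    The exact environment ripcd(8) provides is not described in the
    thread; this fixed PATH/HOME is an assumption of the example.
    """
    argv = ["/bin/sh", "-c", command]
    env = {"HOME": home, "USER": owner, "LOGNAME": owner,
           "PATH": "/usr/bin:/bin"}
    return argv, env


def run_rn(command: str, conf_text: str) -> subprocess.CompletedProcess:
    """Execute an RN command as the configured AudioOwner/AudioGroup.

    Must be started as root (as a system daemon would be) for the
    privilege drop to succeed; otherwise setgroups/setuid raise.
    """
    owner, group = parse_identity(conf_text)
    uid, gid, supp, home = resolve_ids(owner, group)
    argv, env = build_invocation(command, owner, home)
    return subprocess.run(argv, preexec_fn=make_demoter(uid, gid, supp),
                          env=env, cwd=home, check=False)


if __name__ == "__main__":
    owner, group = parse_identity(SAMPLE_RD_CONF)
    print(f"RN commands would run as {owner}:{group}")
```

Setting AudioOwner to the interactive login, as Rob does, makes this demotion a no-op in practice: whatever the RML can be made to run then has that user's full rights, so the rd.conf identity is worth treating as a least-privilege account when the RN commands do not need more.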