n7tae
commented
5 years ago Your paths to useradd, userdel and nologin don't work on Debian-based systems, they're in /usr/sbin/. Also, not sure why you broke the symbolic link to sgs.cfg.
Closed K2IE closed 5 years ago
n7tae
commented
5 years ago Your paths to useradd, userdel and nologin don't work on Debian-based systems, they're in /usr/sbin/. Also, not sure why you broke the symbolic link to sgs.cfg.
K2IE
commented
5 years ago OK, I'll fix the paths. They are actually in both places on Fedora, I was thinking that they were in /sbin on Debian/Raspbian. The reason that the symlink had to be broken has to do with permissions. When I first ran as sgs, it syslinked into my user home dir and was denied. It works for root, of course, because root... The test with my callsign was just that, a test run after the compile. My actual server is running as WA2NYC, which is a club callsign. Will follow up in a bit... On Mon, 2019-02-18 at 15:01 -0800, Tom Early wrote:
Your paths to useradd, userdel and nologin don't work on Debian-based systems, they're in /usr/sbin/. Also, not sure why you broke the symbolic link to sgs.cfg.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.
{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c5 5493e4bb","name":"GitHub"},"entity":{"external_key":"github/n7tae/sma rt-group-server","title":"n7tae/smart-group- server","subtitle":"GitHub repository","main_image_url":" https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":" https://github.com/n7tae/smart-group-server"}},"updates":{"snippets":[{"icon":"PERSON","message":"@n7tae in #7: Your paths to useradd, userdel and nologin don't work on Debian-based systems, they're in /usr/sbin/. Also, not sure why you broke the symbolic link to sgs.cfg. "}],"action":{"name":"View Pull Request","url":" https://github.com/n7tae/smart-group-server/pull/7#issuecomment-464914584 "}}} [ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": " https://github.com/n7tae/smart-group-server/pull/7#issuecomment-464914584 ", "url": " https://github.com/n7tae/smart-group-server/pull/7#issuecomment-464914584 ", "name": "View Pull Request" }, "description": "View this Pull Request on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]
n7tae
commented
5 years ago I need the symbolic link to sgs.cfg. It gets confusing if multiple people are administering the sgs and there are two copies of the configuration file.
K2IE
commented
5 years ago I don't recommend this from a security perspective. Here's why: User tom grabs the source and builds the software. It ends up under /home/tom. Then he runs a sudo make install. The symlink is created as root has the ability to read anything. However, no users other than root and tom have access to /home/tom by default. So user sgs cannot follow the symlink. Could you make Tom's home directory world readable? Well you could but that would be less secure rather than more secure. I'm thinking about a shared environment at a cloud host rather than a Raspberry Pi in someone's home. If this is a preference that you can't get past you could reject the pull request and I'll maintain my fork and I'll backport any changes that arise in the future. It ought to be clear to anyone administering the server that the definitive copy is in /usr/local/etc, but no doubt your desire is based upon real world issues. On Mon, 2019-02-18 at 15:51 -0800, Tom Early wrote:
I need the symbolic link to sgs.cfg. It gets confusing if multiple people are administering the sgs and there are two copies of the configuration file.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.
{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c5 5493e4bb","name":"GitHub"},"entity":{"external_key":"github/n7tae/sma rt-group-server","title":"n7tae/smart-group- server","subtitle":"GitHub repository","main_image_url":" https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":" https://github.com/n7tae/smart-group-server"}},"updates":{"snippets":[{"icon":"PERSON","message":"@n7tae in #7: I need the symbolic link to sgs.cfg. It gets confusing if multiple people are administering the sgs and there are two copies of the configuration file."}],"action":{"name":"View Pull Request","url":" https://github.com/n7tae/smart-group-server/pull/7#issuecomment-464924702 "}}} [ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": " https://github.com/n7tae/smart-group-server/pull/7#issuecomment-464924702 ", "url": " https://github.com/n7tae/smart-group-server/pull/7#issuecomment-464924702 ", "name": "View Pull Request" }, "description": "View this Pull Request on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]
![https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open](https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open){kind=link}
These are the tested changes to run as user "sgs" rather than "root". It addresses the concern that I raised in issue #6.