Retromod needs to run as a separate user

Bug #191113 reported by Tudor Holton
Affects | Status | Importance | Assigned to | Milestone
Retromod | In Progress | Critical | Tudor Holton |

Bug Description

Tonight the showmedia script killed the boot directory because of unquoted system commands.
This meant a very painful process rebuilding the kernel and bootstrapping from scratch.

This could have been avoided if the script had been running as a separate user that didn't have permissions to change any files but its own.

To do this, we need to:
a) Make a special user 'retromod'
b) Make a group 'retromodsys' of which retromod and www-data are users.
c) Make all the Perl scripts owned by retromod
d) Make all the caches owned by the retromodsys group.

Tudor Holton (tudor) wrote :

And also, shift the cron jobs from root into the spo user.

Tudor Holton (tudor) wrote :

We've kinda done this now. Except that spo and sposys are the same and both called 'mms'.

It still needs to be added to the installer, tho.

Changed in synplayeronline:
assignee: nobody → tudor
importance: Undecided → Critical
status: New → In Progress
Ken McLean (kenmclean) wrote :

Updated the terms spo and sposys to be retromod and retromodsys, to reflect branding changes.

description: updated
Ken McLean (kenmclean) wrote :

This is somewhat affected by the recently committed Perl script and modules (private/scripts/update.pl and Retromod.pm) and the way they are executed.

This makes it easier to avoid deletion problems. The retromod user only needs r-x permissions on ./private/scripts/update.pl, r-- permission on ./data and rw- permission on the cache ./cache
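
The account setup from steps a) to d) and a check of the permissions listed in the last comment, as an added example that is not Retromod's installer code or part of any comment above. The account names and relative paths come from the report; the tree root argument, the location of the Perl scripts, GNU `stat`, and judging each path by its owner permission bits are assumptions.

```shell
#!/bin/sh
# Added example, not Retromod's own installer code.
# Account names and relative paths come from the report; the tree root and
# the choice to judge each path by its owner bits are assumptions.

# Steps a-d from the description. Needs root, so it is defined but not called.
setup_accounts() {
    root=$1
    groupadd --system retromodsys
    useradd --system --no-create-home --shell /usr/sbin/nologin retromod
    usermod -aG retromodsys retromod
    usermod -aG retromodsys www-data
    chown retromod "$root"/private/scripts/*.pl   # assumed script location
    chgrp -R retromodsys "$root/cache"
}

# Compare each path's owner bits with the triplet given in the last comment
# and flag anything world-writable. Prints one line per finding and returns
# non-zero if there was any. If ./data and ./cache are directories, the
# account also needs x on them to reach their contents; adjust the table.
audit_layout() {
    root=$1
    bad=0
    while read -r rel want; do
        if ! mode=$(stat -c '%A' "$root/$rel" 2>/dev/null); then
            echo "MISSING  $rel"; bad=1; continue
        fi
        owner=$(printf '%s' "$mode" | cut -c2-4)
        if [ "$owner" != "$want" ]; then
            echo "OWNER    $rel has $owner, expected $want"; bad=1
        fi
        if [ "$(printf '%s' "$mode" | cut -c9)" = "w" ]; then
            echo "WORLD-W  $rel is writable by every local user"; bad=1
        fi
    done <<'EOF'
private/scripts/update.pl r-x
data r--
cache rw-
EOF
    return "$bad"
}
```

Running `audit_layout` against the install root from the installer or a cron job catches a tree that has drifted back to looser permissions.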
