| 2008-12-08 01:19:41 |
Ken McLean |
description |
Tonight the showmedia script killed the boot directory because of unquoted system commands.
This meant a very painful process rebuilding the kernel and bootstrapping from scratch.
This could have been avoided if the script had been running as a separate user that didn't have permissions to change any files but its own.
To do this, we need to:
a) Make a special user 'spo'
b) Make a group 'sposys' of which spo and www-data are users.
c) Make all the perl scripts owned by spo
d) Make all the caches owned by the sposys group. |
Tonight the showmedia script killed the boot directory because of unquoted system commands.
This meant a very painful process rebuilding the kernel and bootstrapping from scratch.
This could have been avoided if the script had been running as a separate user that didn't have permissions to change any files but its own.
To do this, we need to:
a) Make a special user 'retromod'
b) Make a group 'retromodsys' of which retromod and www-data are users.
c) Make all the perl scripts owned by retromod
d) Make all the caches owned by the retromodsys group. |
|
