- This topic has 1 reply, 2 voices, and was last updated 17 years, 3 months ago by
.
-
Posts
-
When I first installed 1450 or 1463 (in Debian Sarge/Freelink on a Linkstation HG), I noticed that the web Config page (which looks great) wasn’t configurable – ie. I didn’t have rights/perms to edit it (read-only).
So I did
chmod 777 mt-daapd.conf
and now it works great… Anyone out there know a better setting/more secure way than using 777?
I don’t really suspect that deviant subversive lemmings are going to commandeer my Firefly server in order to achieve world-wide rodent domination (or any other weirding hacking/takeover/conspiracy), but I really do realize that there must be a more secure way to do this – and I
don’t know what it is…I did a seach of the forum for “chmod”, and read a post on this same topic… a reader replied to use
chmod a+rwx /etc/mt-dpaad.conf
Is this preferable to the above 777 method? They look like they should be roughly equivalent 777=everyone can read, write and execute vs. a+rwx = add read, write & execute perms for all users.
Does this introduce a security flaw? Acceptable? Thanks in advance.
@davy_gravy wrote:
and now it works great… Anyone out there know a better setting/more secure way than using 777?
Probably the “right” way to do it would be to make a mt-daapd user, and chown the file to that user, and set permissions to 600. Then use stunnel to set up a ssl wrapper around the web admin.
Slightly less secure would be to keep running it as “guest” or “nobody” or whoever it’s running as now (so long as it’s not running as a privileged user or root), and set the config file to 600, running with stunnel. (if someone compromised another application running as nobody, the could read the config file, get the password, and change your server config).
Next would be not bothering to run it under a stunnel under the theory that either nobody is sniffing your traffic, or you don’t care if some crazy rogue changes your music server settings.
So there you go. I basically use the last setting. Chown the config file to nobody and chmod it to 600.
World readable is a little crazy, imho, but if it’s not a multi-user system, it probably doesn’t much matter.
- The forum ‘Setup Issues’ is closed to new topics and replies.