i've added a watch folder in my home dir with my user permissions (drwxr-xr-x) and added some files, also with my userid and perms (-rw-r--r--).
airtime watches the folder and imports the added files. but what i find surprising is, that i can edit the metadata of these files, and even delete it!
just tested: that even happens when the media files belong to the root-user... how does airtime gain the permissions to do so? is that the intended behaviour or is something wrong with my installation? udo
media-monitor starts with root-permissions (/etc/init.d/airtime-media-monitor: USERID=root GROUPID=www-data), that's why it may delete things in MY folder. but - potentially - also everything on the system, or?
no comment on this? i don't want to be annoying... but can someone explain to me why media-monitor needs to run with super-user permissions? wouldn't pypo be sufficient? media-monitor does no path-checking, it deletes what it receives from the queue. i think that is dangerous.
We made some tough decisions regarding running our processes as root. The main reason for this is because many users do not understand the Linux permission system and we received many complaints about their shows failing to start (since we could not read their files).
The obvious solution to this is to check whether the files are readable by user pypo before being allowed to be added to the library. This is also something we did but then experienced users changing their permissions after they successfully imported the audio.
For this reason we've decided to let media-monitor run as root, perhaps until we find a better solution. We are open to alternative solutions :)
hi Martin, thanks for the explanation. fool-proof install is surely important, but personally i'd prefer security over convenience, especially when the system is exposed on the net. the web-user shouldn't be able to delete things which don't belong to him or his group. too many attack vectors... a line in the docs about how to set proper permissions for media files could do the job, i think. udo
last on this: is it (easily...) possible to switch media monitor to a different uid? pypo or www-data? i'd like to customize my installation. after some consideration i think root perms are a no-go for an exposed box. if there are only file/folder permissions affected, it should be easy, but i can imagine that there's more. tips appreciated, thanks, udo
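The thread's concern is that a daemon running as root deletes whatever path arrives from the queue without checking it. The following is an added example, not Airtime's code and not written by anyone in this thread, of a containment check that a delete handler could apply before removing a file. The names `resolve_inside`, `safe_delete`, `RejectedPath` and the sample directory tree are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile


class RejectedPath(Exception):
    """Raised when a delete request points outside the watched folders."""


def resolve_inside(watch_dirs, requested):
    """Return the canonical path if it lies under a watched dir, else raise."""
    real = os.path.realpath(requested)  # collapses ".." and follows symlinks
    for d in watch_dirs:
        root = os.path.realpath(d)
        # commonpath compares whole components, so /x/watch2 is not under /x/watch
        if real != root and os.path.commonpath([root, real]) == root:
            return real
    raise RejectedPath(requested)


def safe_delete(watch_dirs, requested):
    """Delete a regular file only if it resolves inside a watched dir."""
    real = resolve_inside(watch_dirs, requested)
    if not stat.S_ISREG(os.lstat(real).st_mode):
        raise RejectedPath(requested)
    os.remove(real)
    return real


def demo():
    """Constructed tree: watch/song.mp3, outside/secret, watch/link -> secret."""
    base = tempfile.mkdtemp()
    watch, outside = os.path.join(base, "watch"), os.path.join(base, "outside")
    os.mkdir(watch)
    os.mkdir(outside)
    song, secret = os.path.join(watch, "song.mp3"), os.path.join(outside, "secret")
    for p in (song, secret):
        open(p, "w").close()
    os.symlink(secret, os.path.join(watch, "link"))
    requests = [song, os.path.join(watch, "..", "outside", "secret"),
                os.path.join(watch, "link")]
    results = []
    for r in requests:
        try:
            safe_delete([watch], r)
            results.append("deleted")
        except RejectedPath:
            results.append("rejected")
    return results, os.path.exists(secret)
```

A check like this narrows what a queue message can name, but there is still a gap between resolving the path and removing it, so the uid the daemon runs under remains what bounds the damage.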