Security issues with Linux


Postby emlynb » Thu Jan 16, 2020 6:19 pm

Hi,

I run xeoma on Linux and it has some issues with regard to security.

Firstly, when starting as a service, xeoma wants to modify all of its directories to be 777 - i.e. world writable. This is a big issue as I want to be able to control access properly to the file system.

Secondly, it is not possible to run xeoma service with a user other than root, as it seems to need root capabilities:

Code:
: xeoma : user NOT in sudoers ; TTY=unknown ; PWD=/usr/local ; USER=root ; COMMAND=/usr/local/bin/xeoma -instadm 789C6364606030640412C920C2088819400C630120A15F5A5CA49F939F9C98A31F919A9F9B08923001A90000927F072F


Is there a way to disable the world-writable folders (other than hacking a cron job to do this on a regular basis...)?
Can someone either explain to me how to run xeoma as a non-root user or put this in as a feature request?
emlynb
 
Posts: 5
Joined: Thu Jan 16, 2020 6:15 pm

Re: Security issues with Linux

Postby emlynb » Fri Jan 17, 2020 7:42 pm

OK. After some mucking around, the simple way to fix the file permissions (hackily) is to change the startup script a bit.

XeomaCoreService before:
Code:
[Unit]
Description=XeomaCore
After=syslog.target

[Service]
Type=simple
PIDFile=/var/run/XeomaCore.pid
ExecStart=/usr/local/bin/xeoma -service -startdelay 10

Restart=always
KillMode=process

[Install]
WantedBy=multi-user.target


and after:
Code:
[Unit]
Description=XeomaCore
After=network.target syslog.target

[Service]
Type=simple
ExecStart=/usr/local/bin/xeoma -service -startdelay 5
ExecStartPost=/bin/sleep 3
ExecStartPost=/bin/chmod -R og-w /usr/local/Xeoma
Restart=always
KillMode=process

[Install]
WantedBy=multi-user.target


Probably needs a cron job too, as it may well reset them to 777 after doing its update....
emlynb
 
Posts: 5
Joined: Thu Jan 16, 2020 6:15 pm
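
The cron job mentioned in the post above, sketched as an added example (not code from the original post or from Xeoma): it reports and repairs only entries that have drifted back to group- or world-writable, so a reset to 777 after an update shows up in the log instead of being silently overwritten. The /usr/local/Xeoma path comes from the unit file above; the function names, the script name and the audit/fix arguments are assumptions.

```shell
#!/bin/sh
# Added example: detect and repair permission drift under the Xeoma install tree.
# Path taken from the unit file in the thread; function names are hypothetical.
XEOMA_DIR="${XEOMA_DIR:-/usr/local/Xeoma}"

# Print every entry under $1 that is group- or other-writable.
# Symlinks are skipped: their own mode is always 777 on Linux and means nothing.
list_writable() {
    find "$1" -xdev ! -type l \( -perm -0002 -o -perm -0020 \) -print
}

# Print how many entries have drifted (0 means the tree is clean).
count_writable() {
    list_writable "$1" | wc -l | tr -d ' '
}

# Strip group/other write from drifted entries only, logging each path to
# stderr first. Prints the number of entries that needed repair.
fix_writable() {
    drifted=$(count_writable "$1")
    if [ "$drifted" -gt 0 ]; then
        list_writable "$1" | sed 's/^/permission drift: /' >&2
        find "$1" -xdev ! -type l \( -perm -0002 -o -perm -0020 \) \
            -exec chmod og-w {} +
    fi
    echo "$drifted"
}

# Entry point for cron, e.g. "xeoma-perms.sh fix" (script name is hypothetical).
# "audit" exits 1 when drift exists, so a monitoring check can alert on it.
case "${1:-}" in
    audit) [ "$(count_writable "$XEOMA_DIR")" -eq 0 ] ;;
    fix)   fix_writable "$XEOMA_DIR" >/dev/null ;;
esac
```

Between runs the tree is still writable by other local users, so the stderr log of drifted paths is the record of how often and where the permissions were reset.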

Re: Security issues with Linux

Postby Admin_K » Thu Jan 30, 2020 12:57 pm

Good day!

Access under root is required only if you want to install Xeoma. If you want to use Xeoma under a different user, you can use it without installation.

Usually, if there's no need to install Xeoma and no hardware key is being used, Xeoma can be launched under a user without root rights.
Admin_K
 
Posts: 342
Joined: Tue Apr 07, 2015 2:20 pm
