
Security issues with Linux

Posted: Thu Jan 16, 2020 6:19 pm
by emlynb
Hi,

I run xeoma on Linux and it has some issues with regard to security.

Firstly, when starting as a service, xeoma wants to modify all of its directories to be 777 - i.e. world writable. This is a big issue as I want to be able to control access properly to the file system.

Secondly, it is not possible to run xeoma service with a user other than root, as it seems to need root capabilities:

Code:
: xeoma : user NOT in sudoers ; TTY=unknown ; PWD=/usr/local ; USER=root ; COMMAND=/usr/local/bin/xeoma -instadm 789C6364606030640412C920C2088819400C630120A15F5A5CA49F939F9C98A31F919A9F9B08923001A90000927F072F


Is there a way to disable the world-writable folders (other than hacking a cron job to do this on a regular basis...)?
Can someone either explain to me how to run xeoma as a non-root user or put this in as a feature request?

Re: Security issues with Linux

Posted: Fri Jan 17, 2020 7:42 pm
by emlynb
OK. After some mucking around, the simple way to fix the file permissions (hackily) is to change the start up script a bit.

XeomaCoreService before:
Code:
[Unit]
Description=XeomaCore
After=syslog.target

[Service]
Type=simple
PIDFile=/var/run/XeomaCore.pid
ExecStart=/usr/local/bin/xeoma -service -startdelay 10

Restart=always
KillMode=process

[Install]
WantedBy=multi-user.target


and after:
Code:
[Unit]
Description=XeomaCore
After=network.target syslog.target

[Service]
Type=simple
ExecStart=/usr/local/bin/xeoma -service -startdelay 5
ExecStartPost=/bin/sleep 3
ExecStartPost=/bin/chmod -R og-w /usr/local/Xeoma
Restart=always
KillMode=process

[Install]
WantedBy=multi-user.target


Probably needs a cron job too, as it may well reset them to 777 after doing its update....
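
For the cron job mentioned in the post above, an added example (not code from this thread or from Xeoma): a script that strips group/other write bits like the `ExecStartPost` line does, and also reports how many entries it had to reset, so a non-zero count shows the permissions were widened again. The function names and the `--fix` argument are assumptions of this example; the default path is the one from the unit file above.

```shell
#!/bin/sh
# Added example: find and reset group/other-writable entries under a directory.
# Function names and the --fix argument are hypothetical, not part of Xeoma.

# Print every entry under $1 that is group- or other-writable.
# Symlinks are skipped (their own mode is meaningless and chmod would act on
# the target); -xdev keeps the walk on one filesystem.
list_group_other_writable() {
    find "$1" -xdev ! -type l \( -perm -020 -o -perm -002 \) -print
}

# Remove the group/other write bits and print the number of entries changed.
# One marker line is emitted per successful chmod, so the count does not
# depend on what characters the file names contain.
strip_group_other_write() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -xdev ! -type l \( -perm -020 -o -perm -002 \) \
        -exec chmod og-w {} \; -exec echo x \; | wc -l | tr -d ' '
}

# Entry point for cron or a systemd timer:  script.sh --fix [directory]
if [ "${1:-}" = "--fix" ]; then
    target=${2:-/usr/local/Xeoma}   # path taken from the unit file in the post
    changed=$(strip_group_other_write "$target") || exit 2
    if [ "$changed" -gt 0 ]; then
        # A non-zero count means something widened the permissions again
        # since the last run; send it wherever cron output is collected.
        echo "reset group/other write bits on $changed entries under $target" >&2
    fi
fi
```

Between a restart and the next run the directories can still be world-writable, so the count is best treated as a signal to investigate rather than as proof that the tree was never modified by another user.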

Re: Security issues with Linux

Posted: Thu Jan 30, 2020 12:57 pm
by Admin_K
Good day!

Access under root is required only if you want to install Xeoma. If you want to use Xeoma under a different user, you can use it without installation.

Usually, if there's no need to install Xeoma and no hardware key is being used, Xeoma can be launched under a user without root rights.