Felenasoft

[emlynb]

Hi,

I run xeoma on Linux and it has some issues with regard to security.

Firstly, when starting as a service, xeoma wants to modify all of its directories to be 777 - i.e. world writable. This is a big issue as I want to be able to control access properly to the file system.

Secondly, it is not possible to run xeoma service with a user other than root, as it seems to need root capabilities:

Code: Select All Code

: xeoma : user NOT in sudoers ; TTY=unknown ; PWD=/usr/local ; USER=root ; COMMAND=/usr/local/bin/xeoma -instadm 789C6364606030640412C920C2088819400C630120A15F5A5CA49F939F9C98A31F919A9F9B08923001A90000927F072F

Is there a way to disable the world-writable folders (other than hacking a cron job to do this on a regular basis...)
Can someone either explain to me how to run xeoma as a non-root user or put this in as a feature request?

[emlynb]

OK. After some mucking around, the simple way to fix the file permissions (hackily) is to change the start up script a bit.

XeomaCoreService before:

Code: Select All Code

[Unit]
Description=XeomaCore
After=syslog.target

[Service]
Type=simple
PIDFile=/var/run/XeomaCore.pid
ExecStart=/usr/local/bin/xeoma -service -startdelay 10

Restart=always
KillMode=process

[Install]
WantedBy=multi-user.target


and after:

Code: Select All Code

[Unit]
Description=XeomaCore
After=network.target syslog.target

[Service]
Type=simple
ExecStart=/usr/local/bin/xeoma -service -startdelay 5
ExecStartPost=/bin/sleep 3
ExecStartPost=/bin/chmod -R og-w /usr/local/Xeoma
Restart=always
KillMode=process

[Install]
WantedBy=multi-user.target


Probably needs a cron job too, as it may well reset them to 777 after doing its update....

[Admin_K]

Good day!

Access under root is required only if you want to install Xeoma. If you want to use Xeoma under a different user, you can use it without installation.

Usually, if there's no need to install Xeoma and no hardware key is being used, Xeoma can be launch under a user without root rights.