users, permissions and security: Executing aMule without "root" user

[empatico]

Hi all.

I'm concerned about the users, permissions and security on unix-like systems and specially on my PCH. Usually i run gnu/linux on my computer, but i don't know how to set up users and permissions properly because ubuntu do it for me (damn user friendly distros ^^). Now i try to set up users and permissions on my PCH but i'm confused.

When i type "vi /etc/passwd" i see "guest" is the default non root user:


also i see "nmt" is the owner of barely all the documents and folders from "/share", including those who i created via samba:


I want know wich user from the users list i should use to run the programs i installed inside my PCH (as midnight comander, iperf, ... ) if i don't want to use the root account.
Specially i want know how run amule and transmission without the root account for security reasons. Also, wich way do you recommend if i want run those apps automaticly every time i reset my PCH?

[lordy]

Ideally The applications themselves should have a configuration option to switch user from root to another user.
Double check with the ps command

Files on the internal H should be created under the NMT account.

I sometimes do

Code:

chown -R nmt:nmt /share/.

after a telnet session to make sure ownership is correct. This doesnt take too long as there are usually not too many files on a hard drive dedicated to holding large media files.

Another approach is to run the command as the nmt user in the first place.

The following command will start a new interactive shell under the nmt account...

Code:

su nmt -s /bin/sh

And the following command should execute a single command under the nmt account...

Code:

su nmt -s /bin/sh -c "command and options in quotes"

Although this will have problems if the command has arguments that have spaces.
In which case start a shell first.

[empatico]

Thank you, now i see it clearer.

I really knew su, chmod, and those all commands.

I will use "chown -R nmt:nmt /share/" to make sure ownership is correct as you said.

Now i understand i should use nmt account because is the owner of all "/share". I will try run amule with nmt user and i will watch if it work properly.

I don't know if i could run transmission as nmt user, because it runs automaticaly on every startup but i will try.

[empatico]

Midnight Comander works fine with the nmt account, now i won't edit or delete the root stuff by mistake. Iperf works fine too. Perhaps i have problems with aMule.

i changed the owner of all the files needed for run amule:

/mnt/syb8634/etc/amule.sh


/mnt/syb8634/bin/amuled
/mnt/syb8634/bin/amulecmd
/mnt/syb8634/bin/amuleweb


Also i changed the owner of all the files inside "/share/.aMule" folder:


When i run the script "amule.sh" with the "nmt" account, i see the program can not start because the path "/home/nmt/.aMule". I can not find these path, also i think the correct path should be "/share/.aMule":



I'm not sure if the solution it's creating the path "/home/nmt/.aMule" with the root account and then changing the owner of the path to "nmt" user.
Then i can move all the files inside "/share/.aMule" to "/home/nmt/.aMule" and then run amule.sh script. Of course i will keep "/Temp" and "/Incoming" folders inside "/share" folder.

[lordy]

(12-29-2008 03:18 PM)empatico Wrote:  When i run the script "amule.sh" with the "nmt" account, i see the program can not start because the path "/home/nmt/.aMule". I can not find these path, also i think the correct path should be "/share/.aMule":

It's looking for the nmt users home folder.
I'd be wary of adding a home folder for nmt user because it may affect other applications or other parts of the nmt configuration. There may be no problem, but you never know.

amule should have start up option to allow alternate location for the ~/.aMule folder (I guess the existing installtion was already using this option to avoid using the root home folder)

[empatico]

I understand what you say.

The amule.conf file have the OSDirectory option. I tried with "OSDirectory=/share//.aMule/" and "OSDirectory=/.aMule/", but amule still search the "/home/nmt/.aMule" path.

I think that don't work because amule can't find the amule.conf file inside /share/.aMule/ path. Now i'm really confused. How could i say amule where find the amule.conf file?

---

Maybe another solution it's create a new user just for execute amule.sh. this user should have the correct home path: /bin/true or whatever

I'm giving you a lot of work, but i hope this will be usefull for those who have low posix skills, like me.

[lordy]

(12-29-2008 05:24 PM)empatico Wrote:  I understand what you say.

The amule.conf file have the OSDirectory option. I tried with "OSDirectory=/share//.aMule/" and "OSDirectory=/.aMule/", but amule still search the "/home/nmt/.aMule" path.

I think that don't work because amule can't find the amule.conf file inside /share/.aMule/ path. Now i'm really confused. How could i say amule where find the amule.conf file?

---

Maybe another solution it's create a new user just for execute amule.sh. this user should have the correct home path: /bin/true or whatever

I'm giving you a lot of work, but i hope this will be usefull for those who have low posix skills, like me.

Hi , I'm not too familir with the amule setup, perhaps if you re-post with amule in the title someone could help out.

Creating a new user could work , but I suspect the user would have to be re-created at reboot. I think if someone could helpout on finding .amule conf under nmt user that would be the way to go. Or ask the person who ported it, if there is any simple way to run as the nmt user.

Good luck

[empatico]

Title edited. Thank you for your help. I will keep working because i'm learning and it's funny.