LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-22-2005, 05:53 AM   #1
iskrem
LQ Newbie
 
Registered: Nov 2004
Location: Norway
Distribution: Gentoo
Posts: 25

Rep: Reputation: 15
Music Player Deamon - running as multimedia / security related.


In the Mpd config file it is recommended to run the deamon as a non-privelegied account. I made a mpdplayer account, but I realize that I need to change permissions on a bunch of files including the/var/lib directorie.

Is this correct? Should I really change permissions to /var/lib directorie? Or is there another way of doing this?

Last edited by iskrem; 01-22-2005 at 09:09 AM.
 
Old 01-22-2005, 10:44 AM   #2
HolyCoitus
LQ Newbie
 
Registered: May 2004
Location: Fort Wayne, Indiana
Distribution: Gentoo and Debian
Posts: 4

Rep: Reputation: 0
You can create a directory for the playlists and the error logs that is not in /var/. I use /usr/share/mpd for mine, which is the default on Gentoo.

Code:
port "6600"
music_directory "/mnt/temp/music"
playlist_directory "/usr/share/mpd/playlists"
log_file "/usr/share/mpd/mpd.log"
error_file "/usr/share/mpd/error.log"
user "mpd"
That's what my mpd.conf looks like. The logging doesn't go through syslog, so it isn't that big of a problem. The only issue I had was making it so that mpd could access the sound devices. I definitely wouldn't run mpd on a multiuser box that has ssh access from people who may enjoy playing pranks. Heh.
 
Old 01-22-2005, 11:55 AM   #3
iskrem
LQ Newbie
 
Registered: Nov 2004
Location: Norway
Distribution: Gentoo
Posts: 25

Original Poster
Rep: Reputation: 15
But I still have to give this user write privelegies to /usr/share? Wouldn't that be the same as giving write permissions to /var/lib?

I will only give this particular user access to the service and I will password protect it somehow.

Last edited by iskrem; 01-22-2005 at 12:09 PM.
 
Old 01-22-2005, 07:20 PM   #4
HolyCoitus
LQ Newbie
 
Registered: May 2004
Location: Fort Wayne, Indiana
Distribution: Gentoo and Debian
Posts: 4

Rep: Reputation: 0
You only have to give the user access to the directory, not the root directory. of it. So you would just have /usr/share setup normally and create a subdirectory under it allowing the user for mpd write access.
 
Old 01-23-2005, 06:09 AM   #5
iskrem
LQ Newbie
 
Registered: Nov 2004
Location: Norway
Distribution: Gentoo
Posts: 25

Original Poster
Rep: Reputation: 15
I made a group multimedia, neverthless I forgot to give my user multimedia group access to multimedia. So it works now.

Thanks a lot.
 
Old 01-23-2005, 03:35 PM   #6
iskrem
LQ Newbie
 
Registered: Nov 2004
Location: Norway
Distribution: Gentoo
Posts: 25

Original Poster
Rep: Reputation: 15
You were saying something about granting access to audio devices as this user.

I made a group audio and give it access a group to /dev/dsp, /dev/mixer and /dev/snd/*. Then I added the user group access to audio. Is this a good solution?

And last: In system-config-users in Fedora Core 2 you can choose primary group, what is this?

Last edited by iskrem; 01-23-2005 at 04:05 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Multimedia player the_gripmaster Linux - Software 8 10-30-2005 02:03 PM
Multimedia player? jimmi323 Linux - Software 5 06-17-2005 07:15 PM
Best distribution for multimedia/music DAW mandible Linux - General 1 11-30-2004 09:44 AM
How could i disable deamon that's running which i don't need Paxmaster Linux - Software 1 10-11-2004 04:54 PM
Problems with running a deamon at boot time e0n Linux - Software 9 05-06-2003 08:48 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:02 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration