Re: [mv] OpenBSD/nosuid drive issue



******    message to minivend-users from Hans-Joachim Leidinger <jojo@buchonline.net>     ******

Steve Fairhead wrote:
> 
> ******    message to minivend-users from "Steve Fairhead" <steve@sfdesign.co.uk>     ******
> 
> Hi folks,
> 
> Newbie here. I'm slowly teaching myself MiniVend under OpenBSD 2.6 (motto:
> "secure by default") by osmosis. I've been lurking since 3.14, reading the
> docs/FAQs, soaking up the discussions here, taking my time. I keep running
> into one particular problem. The good part is that I might be starting to
> understand what's happening. Or not :).
> 
> From the FAQ:
> >> We're sorry, the MiniVend server is unavailable...
> This is the most common problem on UNIX systems. It almost always means that
> permissions are not properly set up, or that the VLINK program is not
> setuid. Try temporarily changing the permission of the
> MINIVEND_ROOT/etc/socket file to be read/write to all groups ( chmod 666
> etc/socket). <<
> 
> I'm stuck here. Everything apparently works ok with the chmod 666 etc/socket
> trick, but I can't seem to close it down further, e.g. to groups. I think it
> may have to do with the fact that most of my drives are marked "nosuid" (in
> /etc/fstab). But even so...
> 
> My setup places each user in their own group first. The minivend server is
> running under user "minivend", group "mvusers". The catalog belongs to
> "steve", who is a member of the "mvusers" group. I've been similarly
> specific about the minivend root file permissions and the cgi-bin file
> permission. I tried adding the Apache owner "www" (distinct from "nobody" in
> OBSD) to mvusers with no effect. Umask is 022. The error logs just show the
> server starting up & shutting down, in both UNIX and INET mode. I'm trying
> to stay within the ethic of uncompromised security.
> 
> I'm afraid I may have read the docs so often that it's woods/trees time...
> Any suggestions gratefully received; hygienic and anatomically possible
> preferred. (More detail available if required; this message intentionally
> concise.)

I have had the same or a similar problem in FreeBSD. The only solution in my
case was to chown all the tlink and vlink files to "minivend" and
"mvusers", so that they do _not_ belong to "steve" or any other member of the
"mvusers" group. What I mean is, chown all minivend files in the cgi-bin
directory to the username and usergroup of the minivend program.

I hope this can help you too!

Regards,

	Joachim

-- 
-------------Hans-Joachim Leidinger---------------------
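
The two conditions raised in this thread, a cgi-bin filesystem mounted nosuid and the ownership and setuid bit of the link program, can be checked with a short script. This is an added example, not part of the original messages or of MiniVend; the sample mount table and the path /var/www/cgi-bin/vlink are constructed assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch, not MiniVend code. Paths and sample data are assumptions.

# nosuid_for PATH: read `mount` output on stdin and print "nosuid" or "suid-ok"
# for the filesystem holding PATH (the longest matching mount point wins).
# On a nosuid filesystem the kernel ignores the setuid bit when a file is executed.
nosuid_for() {
    awk -v p="$1" '
        $2 == "on" {
            mp = $3
            pre = (mp == "/") ? "/" : mp "/"
            if (index(p "/", pre) == 1 && length(mp) > best) {
                best = length(mp)
                opts = $0
                sub(/^[^(]*\(/, "", opts)          # keep only the option list
                res = (("," opts ",") ~ /[ ,]nosuid[ ,)]/) ? "nosuid" : "suid-ok"
            }
        }
        END { print (res == "" ? "unknown" : res) }'
}

# check_link FILE OWNER GROUP: print each problem found; return 0 only when FILE
# is setuid and owned by the user and group the MiniVend server runs as.
check_link() {
    rc=0
    set -- "$1" "$2" "$3" $(ls -ld "$1")   # $4=mode $6=owner $7=group
    [ -u "$1" ] || { echo "$1: setuid bit not set (mode $4)"; rc=1; }
    [ "$6" = "$2" ] || { echo "$1: owner is $6, expected $2"; rc=1; }
    [ "$7" = "$3" ] || { echo "$1: group is $7, expected $3"; rc=1; }
    return $rc
}

# Constructed sample in OpenBSD `mount` format (not taken from the thread).
SAMPLE_MOUNT='/dev/wd0a on / type ffs (local)
/dev/wd0e on /var type ffs (local, nodev, nosuid)
/dev/wd0f on /usr type ffs (local, nodev)'

# Hypothetical cgi-bin location; on a live system use: mount | nosuid_for PATH
printf '%s\n' "$SAMPLE_MOUNT" | nosuid_for /var/www/cgi-bin/vlink
# Live ownership check with the names used in this thread would be:
#   check_link /var/www/cgi-bin/vlink minivend mvusers
```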

