Observations about the 1.3 install script


#1

In 1.90.2.75 from CVS:

The `dirs' target doesn’t create the WEBRT_DATA_PATH directory, so
fixperms fails.

Also, I don’t think these lines are really right:

chown -R $(RTUSER) $(RT_PATH)
chgrp -R $(RTGROUP) $(RT_PATH)  

Firstly, they break badly if RT_PATH is /usr/local. Or is that not
supposed to happen?

Secondly, if RT is going to run as user rt.rt then it’s probably more
secure not to have that user own those scripts and configuration files,
if that’s possible. Rather the webmaster or root should own them. Would
this fit into the design of RT? Also, could the rtmux.pl script perhaps
be setgid rather than setuid?

RT looks very promising – thanks,

Martin Pool, Linuxcare, Inc.
+61 2 6262 8990
mbp@linuxcare.com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.


#2

In 1.90.2.75 from CVS:

The `dirs' target doesn’t create the WEBRT_DATA_PATH directory, so
fixperms fails.

Thanks, it should be OK now (I hope :)

Also, I don’t think these lines are really right:

chown -R $(RTUSER) $(RT_PATH)
chgrp -R $(RTGROUP) $(RT_PATH)

Hm. Better suggestions? Do we really need them? Maybe we should do a
check on whether the dirs exist first?

I’ve made a “if not exist” test around this, but it’s not tested yet and
I’m not sure if it works. Can somebody please look over it? :)

Firstly, they break badly if RT_PATH is /usr/local.

Ouch.

Or is that not supposed to happen?

I think it should be possible to use /usr/local or another similar
shared root, yes…

Secondly, if RT is going to run as user rt.rt then it’s probably more
secure not to have that user own those scripts and configuration files,
if that’s possible. Rather the webmaster or root should own them. Would
this fit into the design of RT?

For RT2 it really shouldn’t matter. The only thing that matters is that
it should be able to read the DB password … I think it’s stored in
config.pm as for now. That means config.pm must be readable only for the
RT scripts. I think Jesse has some thoughts about this, anyway?

Also, could the rtmux.pl script perhaps
be setgid rather than setuid?

I guess that’s the plan.

“The trouble with the world is that the stupid are
cocksure and the intelligent are full of doubt.”

  - Bertrand Russell

#3

Also, I don’t think these lines are really right:

chown -R $(RTUSER) $(RT_PATH)
chgrp -R $(RTGROUP) $(RT_PATH)  

Hm. Better suggestions?

Only chown files or directories which must be writable by rt. I guess
this means only the password file, since everything else is in the db?

Secondly, if RT is going to run as user rt.rt then it’s probably more
secure not to have that user own those scripts and configuration files,
if that’s possible. Rather the webmaster or root should own them. Would
this fit into the design of RT?

For RT2 it really shouldn’t matter. The only thing that matters is that
it should be able to read the DB password … I think it’s stored in
config.pm as for now. That means config.pm must be readable only for the
RT scripts. I think Jesse has some thoughts about this, anyway?

I agree that it’s not critical, but if there is nothing gained then it
should not be done. Since some people run RT on internet-accessible
machines, security is not unimportant.

Also, could the rtmux.pl script perhaps
be setgid rather than setuid?

I guess that’s the plan.

Martin Pool, Linuxcare, Inc.
+61 2 6262 8990
mbp@linuxcare.com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.


#4

Only chown files or directories which must be writable by rt. I guess
this means only the password file, since everything else is in the db?

I did modify it like this:

# Re-own RT_PATH only when the "if not exist" test passes, then set modes.
fixperms:
	if [ ! -d $(RT_PATH) ] ; \
	then \
		chown -R $(RTUSER) $(RT_PATH) ; \
		chgrp -R $(RTGROUP) $(RT_PATH) ; \
		chmod 0755 $(RT_PATH) ; \
	fi

	chmod -R 755 $(RT_LIB_PATH)
	chmod -R 0750 $(RT_ETC_PATH)
	chmod 0755 $(RT_BIN_PATH)
	chmod 0755 $(WEBRT_CGI_PATH)
	chmod 4755 $(RT_PERL_MUX)
	chmod 777  $(WEBRT_DATA_PATH)

I haven’t tested it … but it should be pretty OK, shouldn’t it?

I agree that it’s not critical, but if there is nothing gained then it
should not be done. Since some people run RT on internet-accessible
machines, security is not unimportant.

I guess the plan is to make the script sgid and make the config (with the
password) group readable. Do you have better suggestions?

“The trouble with the world is that the stupid are
cocksure and the intelligent are full of doubt.”

  - Bertrand Russell
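
The ownership and mode concerns raised in this thread, turned into an audit of an installed tree. This is an added example, not part of the original messages and not RT's install code; the function names, finding labels and the list of shared prefixes are assumptions.

```shell
#!/bin/sh
# Added example, not RT's install code. Directory layout, function names and
# finding labels are assumptions made for illustration.

# is_shared_root DIR: true when DIR is a prefix shared with other software,
# where a recursive chown/chgrp would take over files RT does not own.
is_shared_root() {
    case "${1%/}" in
        ""|/usr|/usr/local|/opt|/etc|/var|/home) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_tree ROOT ETC_DIR RUNTIME_USER
# Prints one finding per line. Returns 0 if clean, 1 if there are findings,
# 2 if ROOT is a shared prefix and the audit refuses to treat it as RT's own.
audit_tree() {
    root=$1; etc=$2; rtuser=$3
    if is_shared_root "$root"; then
        echo "REFUSED shared root: $root"
        return 2
    fi
    findings=$(
        # Anything any local user can write to (the chmod 777 data directory).
        find "$root" ! -type l -perm -0002 -exec printf 'WORLD_WRITABLE %s\n' {} \;
        # setuid programs (the chmod 4755 mux); setgid is the plan stated above.
        find "$root" -type f -perm -4000 -exec printf 'SETUID %s\n' {} \;
        # The config holding the DB password must not be readable by "other".
        find "$etc" -type f -perm -0004 -exec printf 'CONFIG_WORLD_READABLE %s\n' {} \;
        # Scripts or config owned by the runtime user can be rewritten by
        # whoever compromises the running service.
        find "$root" -type f -user "$rtuser" \( -perm -0100 -o -path "$etc/*" \) \
            -exec printf 'RUNTIME_OWNS %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

RUNTIME_USER may be a name or a numeric uid; a name that does not exist on the host makes `find -user` report an error instead of a finding.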