From: Jeff B. <je...@bu...> - 2005-09-14 02:33:49
|
OK - I'm glad I didn't say 100% that permissions weren't the problem! I finally had a chance to take a look at the problem this evening, and I had forgotten that the configuration file was set to run as the user "nobody" and group "nobody". So permissions were, indeed, the problem - thanks! Jeff Jeff Buehler wrote: > I'm 90% certain that's not the problem here. When you start or stop a > service under Windows (be it at boot time or manually using the > Services MMC), you are doing so not as the user starting or stopping > it but as the user designated as owner of the service ("Log on as"). > This is the same under *BSD or Linux, unless doing something more > elaborate like CHROOT (or "jailing" a process) which I am not doing > here. In other words, even running ASSP as root I get the same > behavior, so I'm reasonably certain that something else is up other > than permissions. > > I still think it must be related to some environment variable... but I > don't know enough about what ASSP is doing to access it's logs, > whitelist, etc. to be certain. Like I said, I see this problem ALL OF > THE TIME with ASSP where I go to look at the logs, whitelist, etc. > after making a small change and they are simply not accessible via the > web interface because of an extra pipe or an incorrect IP, or any > number of other things. It seems really fragile with respect to the > way it accesses external files, permissions aside. > > Any other ideas? Anyone know about what ASSP is doing (in some > detail) to access its external files, mostly as relates to paths? > > Thanks! > > Jeff > > Micheal Espinola Jr wrote: > >> I'm guessing it has to do with the security context of how the >> process is started. I'm not Linux user, but I know there are >> parallels between the OS's >> >> I am assuming that for your implementation, at boot ASSP is starting >> with some hefty perms that perhaps your login account doesn't have. >> >> In Windows 2000, I have ASSP running as a "service" - which means the >> OS starts up ASSP on its own during boot up, and runs with high-level >> perms (running as "SYSTEM"). I'm assuming the *NIX equivalent to a >> service would be a "daemon". If I was to log on, stop ASSP and >> manually start it (instead of restarting the service/daemon), ASSP >> would run with the perms of my login account - which may or may not >> be sufficient (depending on OS hardening, general account perms, etc). >> >> HTH >> >> On 9/13/05, *Jeff Buehler* <je...@bu... >> <mailto:je...@bu...>> wrote: >> >> Not really - that is possible, but how would the permissions differ >> between boot and manual running of the script under Linux? >> >> Micheal Espinola Jr wrote: >> >> > have you checked for a perm-related issue - unable to write to >> the >> > config file? >> > >> > On 9/13/05, *Jeff Buehler* < je...@bu... >> <mailto:je...@bu...> >> > <mailto:je...@bu... <mailto:je...@bu...>>> >> wrote: >> > >> > Hi all - >> > >> > This is a bit of a strange problem, but it might have an >> obvious >> > answer. I recently set up ASSP on a Gentoo Linux >> platform. On >> > reboot, >> > everything runs great. If I stop/start/restart ASSP from >> the same >> > script used at boot time, though, I lose all of my settings >> (no >> > log, no >> > whitelist, etc.). >> > >> > I have seen this behavior a LOT with ASSP when something is >> mis >> > configured (an IP is out of place, and so on), but in this >> case it >> > must >> > have something to do with an environment variable, like a >> path, as >> > relates to how ASSP is being invoked (at least I think it >> must be >> > that!) >> > >> > Does anyone have any ideas about this? By the way, I am >> using a very >> > custom ASSP solution rather than the "package" (Portage, in >> Gentoo's >> > case) for reasons that aren't really worth getting into (I >> am using a >> > mirrored copy of ASSP that needs to be at a specific, >> non-standard >> > location). This is probably related in the sense that ASSP >> seems to >> > lose context after being restarted somehow... >> > >> > Thanks for any input! >> > >> > Jeff >> > >> > >> > >> > ------------------------------------------------------- >> > SF.Net email is sponsored by: >> > Tame your development challenges with Apache's Geronimo App >> Server. >> > Download it for free - -and be entered to win a 42" plasma >> tv or >> > your very >> > own Sony(tm)PSP. Click here to play: >> > http://sourceforge.net/geronimo.php >> > _______________________________________________ >> > Assp-user mailing list >> > Ass...@li... >> <mailto:Ass...@li...> >> > <mailto:Ass...@li... >> <mailto:Ass...@li...>> >> > https://lists.sourceforge.net/lists/listinfo/assp-user >> > >> > >> > >> > >> > -- >> > ME2 < http://www.santeriasys.net/> >> >> >> >> >> ------------------------------------------------------- >> SF.Net email is sponsored by: >> Tame your development challenges with Apache's Geronimo App Server. >> Download it for free - -and be entered to win a 42" plasma tv or >> your very >> own Sony(tm)PSP. Click here to play: >> http://sourceforge.net/geronimo.php >> _______________________________________________ >> Assp-user mailing list >> Ass...@li... >> <mailto:Ass...@li...> >> https://lists.sourceforge.net/lists/listinfo/assp-user >> >> >> >> >> -- >> ME2 < http://www.santeriasys.net/> > > > > > > ------------------------------------------------------- > SF.Net email is sponsored by: > Tame your development challenges with Apache's Geronimo App Server. > Download it for free - -and be entered to win a 42" plasma tv or your > very > own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php > _______________________________________________ > Assp-user mailing list > Ass...@li... > https://lists.sourceforge.net/lists/listinfo/assp-user > |