Re: [Nfsen-discuss] Permissions correct on profile.dat in "live"?
Netflow visualisation and investigation tool
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfsen-discuss] Permissions correct on profile.dat in "live"?
|
From: Ivan A. B. <iv...@li...> - 2006-04-01 10:49:03
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 31/03/2006 19:17, Tristan RHODES wrote: > I have installed nfsen 1.2.4 and nfdump 1.5. I tried to edit the > maximum size of the live profile from the web. However, I got an error > saying I didn't have permission to do this. I looked at the profile.dat > file in live, and it was owned by root:root. The other profiles I > created were owned by apache:apache. I did a chown apache:apache > /var/nfsen/profiles/live/profile.dat and I could edit the live profile > from the webpage. If live/profile.dat is installed root:root then either you didn't set the relevant entries in the nfsen.conf: ======================== # BASEDIR unrelated vars: # # Run nfcapd as this user # This may be a different or the same uid than your web server. # Note: This user must be in group $WWWGROUP, otherwise nfcapd # is not able to write data files! $USER = "netflow"; # user and group of the web server process # All netflow processing will be done with this user $WWWUSER = "apache"; $WWWGROUP = "apache"; <snip> ======================== ... or there is a buglet in the installation script; is this installed from source or *BSD ports (that would give an idea as to who's problem it may be). > Is this a feature, or should it be changed? It appears the profile.dat > file is owned by whoever ran ./install.pl. Is there a way to know the > correct web user? Some distros it is www-data and some use apache. The correct web user is variable for at least 2 reasons: * different distributions use different usernames (specified in the apache.conf / httpd.conf) to run apache as. * you may want to use apache-suexec, and so have a completely different user/group. I'm not sure if nfsen will run OK under suexec, but that could be another reason. Hopefully somewhere in that lot is a useful answer for you :) Cheers Ivan - -- Ivan Beveridge <iv...@li...> http://www.linx.net/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFELlpeQQZN5jq7vncRAh9NAJ44AibHHyq+n2bsBxyKDRa4BGmdBwCffI5c lL3cmuFDIzsKAhVtWten3dM= =vY4X -----END PGP SIGNATURE----- |
