* [B.A.T.M.A.N.] running batman as non-root
@ 2007-09-14 9:45 Freifunk Dresden
2007-09-14 14:55 ` Marek Lindner
0 siblings, 1 reply; 3+ messages in thread
From: Freifunk Dresden @ 2007-09-14 9:45 UTC (permalink / raw)
To: The list for a Better Approach To Mobile Ad-hoc Networking
Hi,
I'm running batman (experimental) on a debian linux as root but want to
access the debug levels (batmand -c -b -d 1) from within a apache that
is not running as root.
batman actually checks the user id and does not allow to run as non-root
users. also when I disable the check, batman can not access the
/var/run/batman.socket except when I change the access modes from
command line.
but after each start of batman, the access rights are restricted to root.
Is it possible to also support non root access for batmand -c -b -d 1?
Regards
Stephan
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [B.A.T.M.A.N.] running batman as non-root
2007-09-14 9:45 [B.A.T.M.A.N.] running batman as non-root Freifunk Dresden
@ 2007-09-14 14:55 ` Marek Lindner
2007-09-20 12:47 ` Freifunk Dresden
0 siblings, 1 reply; 3+ messages in thread
From: Marek Lindner @ 2007-09-14 14:55 UTC (permalink / raw)
To: The list for a Better Approach To Mobile Ad-hoc Networking
Hi,
> I'm running batman (experimental) on a debian linux as root but want to
> access the debug levels (batmand -c -b -d 1) from within a apache that
> is not running as root.
indeed a problem. As quick fix you could use sudo and allow www-data to access
batmand.
> batman actually checks the user id and does not allow to run as non-root
> users. also when I disable the check, batman can not access the
> /var/run/batman.socket except when I change the access modes from
> command line.
That is why batman checks the user id ...
> Is it possible to also support non root access for batmand -c -b -d 1?
The question is: Do we really want that ? I understand your case but your
solutions implies that other non-privileged could access the daemon.
The "batmand -c" command can do much more than giving you the debug output as
changing the gateway_class / routing_class / preferred gateway and may be
more in the future.
Regards,
Marek
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [B.A.T.M.A.N.] running batman as non-root
2007-09-14 14:55 ` Marek Lindner
@ 2007-09-20 12:47 ` Freifunk Dresden
0 siblings, 0 replies; 3+ messages in thread
From: Freifunk Dresden @ 2007-09-20 12:47 UTC (permalink / raw)
To: The list for a Better Approach To Mobile Ad-hoc Networking
Hi,
Thanks, I no use the following setting in /etc/sudoers:
# Cmnd alias specification
Cmnd_Alias BATMAND=/usr/bin/batmand -c -b -d [0-9]
# User privilege specification
root ALL=(ALL) ALL
www-data ALL=NOPASSWD: BATMAND
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-09-20 12:47 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-09-14 9:45 [B.A.T.M.A.N.] running batman as non-root Freifunk Dresden
2007-09-14 14:55 ` Marek Lindner
2007-09-20 12:47 ` Freifunk Dresden
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox