elogd runs by a user but not by root, posted by Dongwook Jang on Tue Apr 28 21:25:31 2009
|
Hi,
I really don't understand why elogd cannot run by root but it runs by a user.
I've put elog deamon in /etc/init.d. So it didn't bring up, but it runs if I run it by user interactively.
Thanks,
Dongwook |
Re: elogd runs by a user but not by root, posted by Stefan Ritt on Wed Apr 29 07:52:57 2009
|
| Dongwook Jang wrote: |
|
Hi,
I really don't understand why elogd cannot run by root but it runs by a user.
I've put elog deamon in /etc/init.d. So it didn't bring up, but it runs if I run it by user interactively.
Thanks,
Dongwook
|
That's a security issue. If elogd runs under a user and gets hacked, the hacker obtains just the user rights, which can be limited. If it runs under root, the hacker will automatically get root rights, which is bad. Technically, there is no reason why elogd cannot be run as root. Just put
Usr = root
Grp = root
into elogd.cfg. |
|
Re: elogd runs by a user but not by root, posted by Dongwook Jang on Wed Apr 29 18:20:38 2009
|
| Stefan Ritt wrote: |
|
| Dongwook Jang wrote: |
|
Hi,
I really don't understand why elogd cannot run by root but it runs by a user.
I've put elog deamon in /etc/init.d. So it didn't bring up, but it runs if I run it by user interactively.
Thanks,
Dongwook
|
That's a security issue. If elogd runs under a user and gets hacked, the hacker obtains just the user rights, which can be limited. If it runs under root, the hacker will automatically get root rights, which is bad. Technically, there is no reason why elogd cannot be run as root. Just put
Usr = root
Grp = root
into elogd.cfg.
|
Hi,
I wonder how others manage this situation because deamons in /etc/init.d is excercuted by root. So I cannot run in /etc/init.d/elogd when the system starts up.
What do you think?
Thanks,
Dongwook |
|
Re: elogd runs by a user but not by root, posted by Stefan Ritt on Thu Apr 30 08:40:43 2009
|
| Dongwook Jang wrote: |
|
Hi,
I wonder how others manage this situation because deamons in /etc/init.d is excercuted by root. So I cannot run in /etc/init.d/elogd when the system starts up.
What do you think?
Thanks,
Dongwook
|
The normal situation is that elogd gets started by root under /etc/init.d/, then the configuration file contains "Usr = elog" and "Grp = elog", so after it has been started as root, the program falls back to the "elog" user, which only has restricted rights.
|
|
Re: elogd runs by a user but not by root, posted by Dongwook Jang on Thu Apr 30 20:49:03 2009
|
| Stefan Ritt wrote: |
| Dongwook Jang wrote: |
|
Hi,
I wonder how others manage this situation because deamons in /etc/init.d is excercuted by root. So I cannot run in /etc/init.d/elogd when the system starts up.
What do you think?
Thanks,
Dongwook
|
The normal situation is that elogd gets started by root under /etc/init.d/, then the configuration file contains "Usr = elog" and "Grp = elog", so after it has been started as root, the program falls back to the "elog" user, which only has restricted rights.
|
Now I realized that it is not a problem in /etc/init.d, but deamon itself.
When I run the following command as a root, it didn't run
/mnt/wd500/jnj/products/elog/sbin/elogd -D -c /mnt/wd500/jnj/products/elog/elog/elogd.cfg
But, it runs when I did as a user.
I really don't understand this strange behavior.
Thanks, |
|
Database Like - ELOG Format, posted by mike cianci on Wed Apr 29 12:28:13 2009
|
Stefan,
I am using the Database Like - ELOG format and on the list page, the the last two columns (on the right side) are, "Text" and "Attachments (the paperclip)".
Both of which I have deleted from the input page.
Is there anyway to remove them from the List page?
Thanks, Mike |
|
Re: Database Like - ELOG Format, posted by Stefan Ritt on Thu Apr 30 08:48:01 2009
|
| mike cianci wrote: |
|
Stefan,
I am using the Database Like - ELOG format and on the list page, the the last two columns (on the right side) are, "Text" and "Attachments (the paperclip)".
Both of which I have deleted from the input page.
Is there anyway to remove them from the List page?
Thanks, Mike
|
You need:
Show text = 0
Enable Attachments = 0
to supress the text entry box and the attachment field.
Display search = ID, Type, Location, Status
to show only the attributs of interest in the list display (your attributes could be different)
Summary lines = 0
to supress the text in the list display. At the moment, this still shows the paperclip colum, but I want to fix this in the next version.
|
|
Error: Failed dependencies: , posted by Carl Shirey on Wed Nov 12 16:41:44 2008
|
I went to upgrade to the new version of elog I receive a error message that is.
error: Failed dependencies:
libssl.so.6 is needed by elog-2.7.5-1.i386
rtld(GNU_HASH) is needed by elog-2.7.5-1.i386
Do I need these dependencies for elog to work? If I do need them where do I get them for Suse 10.2.
Thank you for any help.
Carl
|
|
Re: Error: Failed dependencies: , posted by Stefan Ritt on Mon Nov 17 10:23:35 2008
|
| Carl Shirey wrote: |
|
I went to upgrade to the new version of elog I receive a error message that is.
error: Failed dependencies:
libssl.so.6 is needed by elog-2.7.5-1.i386
rtld(GNU_HASH) is needed by elog-2.7.5-1.i386
Do I need these dependencies for elog to work? If I do need them where do I get them for Suse 10.2.
Thank you for any help.
Carl
|
Starting from 2.7.5, elog needs libssl for any https:// connection. Just install the RPM like you install any other RPM. Now I'm not familar with SUSE, but I found links like that:
http://lenz.homelinux.org/RPMs/
from where you can obtain RPMs. You might have to adjust your YaST installation sources. The package you need should be named opensll-xxx where xxx is some number. |
|
Re: Error: Failed dependencies: , posted by Carl Shirey on Mon Nov 17 19:56:04 2008
|
| Stefan Ritt wrote: |
|
| Carl Shirey wrote: |
|
I went to upgrade to the new version of elog I receive a error message that is.
error: Failed dependencies:
libssl.so.6 is needed by elog-2.7.5-1.i386
rtld(GNU_HASH) is needed by elog-2.7.5-1.i386
Do I need these dependencies for elog to work? If I do need them where do I get them for Suse 10.2.
Thank you for any help.
Carl
|
Starting from 2.7.5, elog needs libssl for any https:// connection. Just install the RPM like you install any other RPM. Now I'm not familar with SUSE, but I found links like that:
http://lenz.homelinux.org/RPMs/
from where you can obtain RPMs. You might have to adjust your YaST installation sources. The package you need should be named opensll-xxx where xxx is some number.
|
Thank you
I will look into it.
Carl |
|
Re: Error: Failed dependencies: , posted by Rob Snihur on Tue Apr 28 05:53:19 2009
|
| Carl Shirey wrote: |
|
| Stefan Ritt wrote: |
|
| Carl Shirey wrote: |
|
I went to upgrade to the new version of elog I receive a error message that is.
error: Failed dependencies:
libssl.so.6 is needed by elog-2.7.5-1.i386
rtld(GNU_HASH) is needed by elog-2.7.5-1.i386
Do I need these dependencies for elog to work? If I do need them where do I get them for Suse 10.2.
Thank you for any help.
Carl
|
Starting from 2.7.5, elog needs libssl for any https:// connection. Just install the RPM like you install any other RPM. Now I'm not familar with SUSE, but I found links like that:
http://lenz.homelinux.org/RPMs/
from where you can obtain RPMs. You might have to adjust your YaST installation sources. The package you need should be named opensll-xxx where xxx is some number.
|
Thank you
I will look into it.
Carl
|
Hi,
I just tried to install the latest elog on linux Fedora 10. I also get an error saying that libssl.so.6 is needed.
But I already have libssl.so.7 installed. Should I also install libssl.so.6 ?
thx,
-rob
[snihur@nunllap01 ~]$ rpm -qa | grep ssl
qca-ossl-2.0.0-0.4.beta3.fc10.i386
openssl-0.9.8g-12.fc10.i686
docbook-style-dsssl-1.79-5.fc9.noarch
nss_compat_ossl-0.9.4-2.fc10.i386
openssl-devel-0.9.8g-12.fc10.i386
[snihur@nunllap01 ~]$ rpm -q --provides openssl
config(openssl) = 0.9.8g-12.fc10
lib4758cca.so
libaep.so
libatalla.so
libchil.so
libcrypto.so.7
libcswift.so
libgmp.so
libnuron.so
libssl.so.7
libsureware.so
libubsec.so
openssl = 0.9.8g-12.fc10
openssl(x86-32) = 0.9.8g-12.fc10 |
|
Re: Error: Failed dependencies: , posted by Stefan Ritt on Tue Apr 28 07:53:37 2009
|
| Rob Snihur wrote: |
|
| Carl Shirey wrote: |
|
| Stefan Ritt wrote: |
|
| Carl Shirey wrote: |
|
I went to upgrade to the new version of elog I receive a error message that is.
error: Failed dependencies:
libssl.so.6 is needed by elog-2.7.5-1.i386
rtld(GNU_HASH) is needed by elog-2.7.5-1.i386
Do I need these dependencies for elog to work? If I do need them where do I get them for Suse 10.2.
Thank you for any help.
Carl
|
Starting from 2.7.5, elog needs libssl for any https:// connection. Just install the RPM like you install any other RPM. Now I'm not familar with SUSE, but I found links like that:
http://lenz.homelinux.org/RPMs/
from where you can obtain RPMs. You might have to adjust your YaST installation sources. The package you need should be named opensll-xxx where xxx is some number.
|
Thank you
I will look into it.
Carl
|
Hi,
I just tried to install the latest elog on linux Fedora 10. I also get an error saying that libssl.so.6 is needed.
But I already have libssl.so.7 installed. Should I also install libssl.so.6 ?
thx,
-rob
[snihur@nunllap01 ~]$ rpm -qa | grep ssl
qca-ossl-2.0.0-0.4.beta3.fc10.i386
openssl-0.9.8g-12.fc10.i686
docbook-style-dsssl-1.79-5.fc9.noarch
nss_compat_ossl-0.9.4-2.fc10.i386
openssl-devel-0.9.8g-12.fc10.i386
[snihur@nunllap01 ~]$ rpm -q --provides openssl
config(openssl) = 0.9.8g-12.fc10
lib4758cca.so
libaep.so
libatalla.so
libchil.so
libcrypto.so.7
libcswift.so
libgmp.so
libnuron.so
libssl.so.7
libsureware.so
libubsec.so
openssl = 0.9.8g-12.fc10
openssl(x86-32) = 0.9.8g-12.fc10
|
The RPM system is a bit picky about which version is required. I believe you have to install libssl.so.7 or compile elog from the sources, which is very simple. |
mail to localhost?, posted by Mike on Fri Apr 17 22:44:58 2009
|
Initially I thought you had to specify a port number after localhost for emailing.
As it turns out just putting "localhost" as the email server in the elog config
file works just fine. We have a strange problem where our elog server is running.
our outgoing mail has to be routed through port 465 and SSL. I had to set up
postfix and stunnel to handle this arrangement. |
|
Re: mail to localhost?, posted by Stefan Ritt on Fri Apr 24 12:25:16 2009
|
What was your problem (maybe others could benefit from this information...) ??? |
|
Is there a way to import old log messages, posted by Joseph Le on Tue Apr 21 16:29:23 2009
|
I update my elog from version 2.7.5 to 2.7.6 and mistakenly replace configuration file. so i have to reconfigure everything from ground up. when my elog back online, old log messages are not show up. is there a way to import old log messages from old log book to new one.
thanks |
|
Re: Is there a way to import old log messages, posted by Stefan Ritt on Fri Apr 24 09:03:05 2009
|
| Joseph Le wrote: |
|
I update my elog from version 2.7.5 to 2.7.6 and mistakenly replace configuration file. so i have to reconfigure everything from ground up. when my elog back online, old log messages are not show up. is there a way to import old log messages from old log book to new one.
thanks
|
You don't have to import old log book messages, they should be shown automatically (as long as you don't overwrite your configuration file mistakenly). If you had a different logbook name (not "demo") your files will still be there under c:\Program Files\ELOG\logbooks\<logbook name>. Just add the proper name in elogd.cfg, restart elogd and you will see your old messages. |
|
Config so that users can delete only their own entries?, posted by Dennis Seitz on Wed Apr 15 17:57:19 2009
|
I've tried
Deny_Delete = All
Allow Delete = $author
and just
Allow Delete = $author
But either users can delete anyone's entries, or they can't delete any entries.
Am I missing something? If not, can you add the capability to allow users to delete, but only their own entries?
Thanks as usual for a great piece of code! |
|
Re: Config so that users can delete only their own entries?, posted by Stefan Ritt on Thu Apr 16 08:34:03 2009
|
| Dennis Seitz wrote: | I've tried
Deny_Delete = All
Allow Delete = $author
and just
Allow Delete = $author
But either users can delete anyone's entries, or they can't delete any entries.
Am I missing something? If not, can you add the capability to allow users to delete, but only their own entries?
Thanks as usual for a great piece of code! |
You cannot put $author into any Allow or Deny option, only explicit login names (not "full" names). What you want however is
Restrict Edit = 1
which lets only the original author either delete or edit entries. If you use that option, you probably want as well
Preset Author = $long_name
Preset on reply Author = $long_name
Preset on duplicate Author = $long_name
Locked Attributes = Author
So a user cannot pretend to be somebody else. You also need a valid "admin user = ..." statement. Note that the admin user always can delete/edit entries. If no admin user is defined, everybody has automatically admin rights, so Restrict Edit has no effect. |
|
Re: Config so that users can delete only their own entries?, posted by Dennis Seitz on Sat Apr 18 00:33:53 2009
|
Thanks for reminding me of that, it will do fine. A suggestion: Separate Restrict Edit into Restrict Edit and Restrict Delete or some functional equivalent. Then we have the choice to restrict one or the other or both. Is that worth doing?
| Stefan Ritt wrote: |
| Dennis Seitz wrote: | I've tried
Deny_Delete = All
Allow Delete = $author
and just
Allow Delete = $author
But either users can delete anyone's entries, or they can't delete any entries.
Am I missing something? If not, can you add the capability to allow users to delete, but only their own entries?
Thanks as usual for a great piece of code! |
You cannot put $author into any Allow or Deny option, only explicit login names (not "full" names). What you want however is
Restrict Edit = 1
which lets only the original author either delete or edit entries. If you use that option, you probably want as well
Preset Author = $long_name
Preset on reply Author = $long_name
Preset on duplicate Author = $long_name
Locked Attributes = Author
So a user cannot pretend to be somebody else. You also need a valid "admin user = ..." statement. Note that the admin user always can delete/edit entries. If no admin user is defined, everybody has automatically admin rights, so Restrict Edit has no effect. |
|
|
ROptions value changed in the edit page, posted by Gabriele Sirri on Wed Apr 15 11:43:14 2009
|
When ROptions items contain the same substring and this substring is also an ROptions item (ex: notdone,
done), the value of the entry could change in the edit page.
It depends on the item order in the config file.
If Options is used (instead of ROptions), it works as expected.
Is it a bug?
Examples :
#Insert "notdone" as new entry. When you try to edit the entry, the displayed value is "done".
[test_bad]
Attributes = Author, Category
ROptions Category = notdone, done
#No problem if you change the item order
[test_good]
Attributes = Author, Category
ROptions Category = done, notdone |
|
Re: ROptions value changed in the edit page, posted by Stefan Ritt on Wed Apr 15 12:56:18 2009
|
> When ROptions items contain the same substring and this substring is also an ROptions item (ex: notdone,
> done), the value of the entry could change in the edit page.
> It depends on the item order in the config file.
>
> If Options is used (instead of ROptions), it works as expected.
>
> Is it a bug?
>
>
> Examples :
>
> #Insert "notdone" as new entry. When you try to edit the entry, the displayed value is "done".
>
> [test_bad]
> Attributes = Author, Category
> ROptions Category = notdone, done
>
> #No problem if you change the item order
>
> [test_good]
> Attributes = Author, Category
> ROptions Category = done, notdone
Thanks for reporting this bug. I fixed it in SVN revisoin 2193. |
Long cookie content is not handled properly., posted by Simon Patton on Tue Apr 14 22:51:15 2009
|
I discovered the infinite loop in 2.7.5 which can happen when a cookie's content is longer that the cookie array
designed to hold it. I also note that this issue has been addressed in 2.7.6, but the solution does not appear
to be correct and it can end up completely confusing the cookie extraction.
In 2.7.5 the code was:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' ; )
if (i < (int) sizeof(cookie)-1)
cookie[i++] = *p++;
While in 2.7.6 is became:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n';)
if (i < (int) sizeof(cookie) - 1)
cookie[i++] = *p++;
else
break;
This leaves 'p' pointing to the middle of the cookie's content and I can not see that this is corrected in the loop (sorry if I've missed that).
The solution I used to patch 2.7.5 was the following:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' ; ++p)
if (i < (int) sizeof(cookie)-1)
cookie[i++] = *p;
which simply truncates the contents of the cookie (which is assumed not to be an elogd cookie) but leaves 'p' in the right place to extract the next one. |
|
Re: Long cookie content is not handled properly., posted by Stefan Ritt on Wed Apr 15 09:26:37 2009
|
| Simon Patton wrote: | I discovered the infinite loop in 2.7.5 which can happen when a cookie's content is longer that the cookie array
designed to hold it. I also note that this issue has been addressed in 2.7.6, but the solution does not appear
to be correct and it can end up completely confusing the cookie extraction.
In 2.7.5 the code was:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' ; )
if (i < (int) sizeof(cookie)-1)
cookie[i++] = *p++;
While in 2.7.6 is became:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n';)
if (i < (int) sizeof(cookie) - 1)
cookie[i++] = *p++;
else
break;
This leaves 'p' pointing to the middle of the cookie's content and I can not see that this is corrected in the loop (sorry if I've missed that).
The solution I used to patch 2.7.5 was the following:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' ; ++p)
if (i < (int) sizeof(cookie)-1)
cookie[i++] = *p;
which simply truncates the contents of the cookie (which is assumed not to be an elogd cookie) but leaves 'p' in the right place to extract the next one. |
You're absolutely right about that. I incorporated your patch into revision #2192. |