Running elog as ordinnary user, posted by G. Vandemoortele on Fri Jan 27 20:40:00 2006
|
Hello,
I've configured elog with some commands running a shell :
Preset R-Date = $shell(/usr/bin/date +"%Y/%m/%d %H:%S")
; for testing :
Preset $text = $shell(whoami && set)
Preset $text = Some fixed text
That worked well when elog was started by root (and falling to user elog),
but later, I moved all the elog tree to /home/my_name/.elog,
(I'd like to start it only when I'm logged, it's only for personnal data)
changed all the attributes/permissions ($chown -R my_name:my_group .elog)
and none of these commands still works ! I use the -x option to allow
shell substitution.
More surprisingly, even the fixed text doesn't work (???)
Any explanation ?
By the way, I also seen that it is necessary to set Usr and Grp to "elog"
via the config file even when it's started by root, because otherwise,
you always get the strings 'Falling back to default group "elog"' and
Falling back to default user "elog" in the output of the shell substitutions.
Regards,
Gauthier
|
Re: Running elog as ordinnary user, posted by Stefan Ritt on Fri Jan 27 23:18:07 2006
|
| G. Vandemoortele wrote: | I've configured elog with some commands running a shell :
Preset R-Date = $shell(/usr/bin/date +"%Y/%m/%d %H:%S")
; for testing :
Preset $text = $shell(whoami && set)
Preset $text = Some fixed text
That worked well when elog was started by root (and falling to user elog),
but later, I moved all the elog tree to /home/my_name/.elog,
(I'd like to start it only when I'm logged, it's only for personnal data)
changed all the attributes/permissions ($chown -R my_name:my_group .elog)
and none of these commands still works ! I use the -x option to allow
shell substitution.
More surprisingly, even the fixed text doesn't work (???) |
First of all, you could use
Preset R-Date = $date
instead of the shell command. Secondly, the command
Preset $text = $shell(whoami && set)
is wrong. Replace it by
Preset text = $shell(whoami && set)
without the "$".
| G. Vandemoortele wrote: | By the way, I also seen that it is necessary to set Usr and Grp to "elog"
via the config file even when it's started by root, because otherwise,
you always get the strings 'Falling back to default group "elog"' and
Falling back to default user "elog" in the output of the shell substitutions. |
There is a good reason for that. If you run elogd as root, this can open a dangerous hole into your system. If there would be any bug in elog, an attacker could gain root access easily. By falling back to a non-root user, the damage can be minimized. As a precaustion, elog falls back to Usr and Grp "elog" if that setting is missing in the config file.
When you run elog under your user name, this fallback is not necessary. Why you got the message 'Falling back' is a mystery to me. I tried to reproduce that, so I run under a non-root account with following config:
[global]
port = 1234
[demo]
Attributes = Subject
Preset Subject = $shell(date +"%Y/%m/%d %H:%S")
and correctly got the date in the "Subject" field with ELOG V2.6.1-1640. |
|
Re: Running elog as ordinnary user, posted by G. Vandemoortele on Sat Jan 28 10:40:18 2006
|
| Stefan Ritt wrote: |
First of all, you could use
Preset R-Date = $date
instead of the shell command. Secondly, the command
Preset $text = $shell(whoami && set)
is wrong. Replace it by
Preset text = $shell(whoami && set)
without the "$".
|
I'm sorry ; even with this correction, none of the preset strings created with
a substitution mechanism (shell or built-in) works when elogd is started as
ordinnary user. I've tried the same config file /home/gv/.elog/elogd.cfg :
port = 8080
Language = french
Main Tab = Accueil
Usr = gv
Grp = users
Logbook dir = /home/gv/.elog/logbooks
[gauthier]
Self register = 1
Password file = passwd
Theme = default
Comment = Logbook personnel
Default encoding = 1
Time format = %a, %d/%m/%Y %H:%M
Attributes = Type, Statut, Priorité, Sujet, R-Date
Preset R-Date = $shell(/usr/bin/date +"%Y/%m/%d %H:%S")
Preset text = $shell(whoami && set)
;Preset text = Blablabla
;Preset text = $date
Start page = ?rsort=Record date
List display = R-Date, Type, Statut, Priorité, Sujet
Options Type = Divers, Lectures, Musique, Aca, Finances, Santé
Options Statut = A faire, Exécuté, Journal
Options Priorité = 0, 1, 2, 3
Preset Priorité = 0
Extendable Options = Type
Thread display = $sujet ($entry time)
Required Attributes = Type, Sujet
Page Title = ELOG - $subject
Reverse sort = 1
Quick filter = R-Date, Statut, Type
Sort Attributes = Priorité, R-Date
Started via root (# /usr/sbin/elogd -c /home/gv/.elog/elogd.cfg -x), it works,
but via "gv" ($ /usr/sbin/elogd -c /home/gv/.elog/elogd.cfg -x), it doesn't.
Regards,
Gauthier |
Re: Running elog as ordinnary user, posted by Stefan Ritt on Sat Jan 28 12:54:03 2006 
|
| G. Vandemoortele wrote: | Started via root (# /usr/sbin/elogd -c /home/gv/.elog/elogd.cfg -x), it works,
but via "gv" ($ /usr/sbin/elogd -c /home/gv/.elog/elogd.cfg -x), it doesn't. |
I tried with your config file, and it works fine (see attached screendump). So I have no clue right now why it is not working in your case. |
Quicklink does not work for one field, posted by mark james on Mon Oct 24 12:00:51 2005
|
I am not so bold as to log this as a bug but one of my Quicklink fields just do not work. It is the "Spacecraft" field. When I select any 'Spacecraft' quicklink, the no. of records stays exactly the same (i.e. no. in full recordset). If I select F1, then I see F1 highlight in yellow in the string "4F1". But strangely the "F1" entries are not highlight. Very strange.
My config file below (admin username removed).
=========================================================================
Theme = default
Comment = Inmarsat SCD Analyst Log book
Attributes = Record Date, Spacecraft, Author, SubSystem, Title
MOptions Spacecraft = F1, F2, F3, F4, G1, G2, G3, G4, G5, 4F1, 4F2, 4F3
Options Author = John MacDougall, John Turton, Joe Fowler, Mark Davidson, Mark James
Options SubSystem = Thermal, Propulsion, Power, AOCS/ADCS, Payload, TTC, Other/None
Required Attributes = Record Date, Spacecraft, Author, SubSystem, Title
Type Record Date = datetime
Time format = %A, %d %B, %Y, %H:%M
Date format = %A, %d %B, %Y
Filter Menu text = scripts/calendar_filter/calendar_filter.html
Preset Record date = $date, $time
List Display = Record date, Spacecraft, Author, SubSystem, Title
Start page = ?rsort=Record date
Entries per page = 100
Message Height = 15
Page Title = ELOG - $title
Reverse sort = 1
Quick filter = Date, Spacecraft, SubSystem, Author
message comment = "Please make your log entry in the box BELOW."
Attachment Comment = "Please upload your attachment in the box BELOW."
Menu commands = List, New, Edit, Delete, Reply, Find, Help, Download, Last Day, Copy to
Password file = pwfile
Self register = 0
Subst Author = $long_name from $remote_host
Subst Email = $user_email
Suppress default = 1
Use Lock = 1
RSS Title = $Title, by $author on $Record Date
Guest menu commands = Find, Last 10, Login, Help
Guest Find Menu commands = Find, Last 10, Login, Help
=================================================================== |
|
Re: Quicklink does not work for one field, posted by Stefan Ritt on Wed Jan 18 12:15:17 2006
|
| mark james wrote: | | I am not so bold as to log this as a bug but one of my Quicklink fields just do not work. |
Sorry my late reply, but now I have fixed this problem. The update is under SVN and will be contained in the next release. |
|
Re: Quicklink does not work for one field, posted by mark james on Mon Jan 23 17:32:20 2006
|
| Stefan Ritt wrote: |
| mark james wrote: | | I am not so bold as to log this as a bug but one of my Quicklink fields just do not work. |
Sorry my late reply, but now I have fixed this problem. The update is under SVN and will be contained in the next release. |
Thanks for that. I am now using ver V2.6.1-1622. So I guess that doesn't qualify as a "next release". I wonder if there is anything I could do to work around the issue?
Mark |
|
Re: Quicklink does not work for one field, posted by mark james on Mon Jan 23 18:35:52 2006
|
| mark james wrote: |
| Stefan Ritt wrote: |
| mark james wrote: | | I am not so bold as to log this as a bug but one of my Quicklink fields just do not work. |
Sorry my late reply, but now I have fixed this problem. The update is under SVN and will be contained in the next release. |
Thanks for that. I am now using ver V2.6.1-1622. So I guess that doesn't qualify as a "next release". I wonder if there is anything I could do to work around the issue?
Mark |
In fact now the dropdown seems to be working but when I 'tick' an entry, it is not being written to the ascii file. |
|
Re: Quicklink does not work for one field, posted by Stefan Ritt on Tue Jan 24 08:11:13 2006
|
| mark james wrote: |
| mark james wrote: |
| Stefan Ritt wrote: |
| mark james wrote: | | I am not so bold as to log this as a bug but one of my Quicklink fields just do not work. |
Sorry my late reply, but now I have fixed this problem. The update is under SVN and will be contained in the next release. |
Thanks for that. I am now using ver V2.6.1-1622. So I guess that doesn't qualify as a "next release". I wonder if there is anything I could do to work around the issue?
Mark |
In fact now the dropdown seems to be working but when I 'tick' an entry, it is not being written to the ascii file. |
Can you try V2.6.1-1634? I fixed several issues with ticking entries coming from "MOptions" lists. |
|
Re: Quicklink does not work for one field, posted by mark james on Fri Jan 27 13:50:10 2006
|
| Stefan Ritt wrote: |
| mark james wrote: |
| mark james wrote: |
| Stefan Ritt wrote: |
| mark james wrote: | | I am not so bold as to log this as a bug but one of my Quicklink fields just do not work. |
Sorry my late reply, but now I have fixed this problem. The update is under SVN and will be contained in the next release. |
Thanks for that. I am now using ver V2.6.1-1622. So I guess that doesn't qualify as a "next release". I wonder if there is anything I could do to work around the issue?
Mark |
In fact now the dropdown seems to be working but when I 'tick' an entry, it is not being written to the ascii file. |
Can you try V2.6.1-1634? I fixed several issues with ticking entries coming from "MOptions" lists. |
OK. But where do I get this from? The "latest version of 19 Jan is still 1622. |
|
Re: Quicklink does not work for one field, posted by Stefan Ritt on Fri Jan 27 13:52:34 2006
|
| mark james wrote: | | OK. But where do I get this from? The "latest version of 19 Jan is still 1622. |
If you can compile it yourself, you get it from Subversion (see here). Otherwise you have to wait for the next release. |
Suggestion additional ElCodes, posted by T. Ribbrock on Tue Jan 24 14:43:19 2006
|
I have to say, now that I'm finally on 2.6.x, I grew really fond of the ElCode stuff - great addition! It saves a lot of straight HTML typing for me... THANKS!
However, there are two things I'm missing:
- Headings
It would be great to have a range of , , ... tags that map directly to their HTML counterparts (and have buttons, of course...  ). That makes structuring an entry much easier in my opinion (and the output is easier to deal with for tools like html2ps) and I'm really missing those.
- Tables
This one is probably more difficult to add, but support for simple tables would be enough. But this is more a "nice to have"...
|
|
Re: Suggestion additional ElCodes, posted by Stefan Ritt on Tue Jan 24 22:52:48 2006
|
| T. Ribbrock wrote: | However, there are two things I'm missing:
- Headings
It would be great to have a range of [H1][/H1], [H2][/H2], ... tags that map directly to their HTML counterparts (and have buttons, of course... ). That makes structuring an entry much easier in my opinion (and the output is easier to deal with for tools like html2ps) and I'm really missing those.
- Tables
This one is probably more difficult to add, but support for simple tables would be enough. But this is more a "nice to have"...
|
Yes, I missed tables myself already. The headings I just put into the current SVN version (see this forum for how it works). Tables are a bit harder to implement and will come later. Do you have a proposal for a possible syntax? A 1:1 relation to HTML would look like this:
|
[tr][th]heading1[/th][th]heading2[/th][/tr]
[tr][td]data1[/td][td]data2[/td][/tr]
|
But that does not look very sexy to me. Maybe somehting like
|
| heading 1 | heading 2 | heading 3
| |
| data 1 | data 2 | data 3
|
this looks a bit like the "pipe" mode from a Wiki
what do you think? |
|
Re: Suggestion additional ElCodes, posted by T. Ribbrock on Wed Jan 25 12:31:14 2006
|
| Stefan Ritt wrote: |
Yes, I missed tables myself already. The headings I just put into the current SVN version (see this forum for how it works).
|
Very nice, thanks! I'm a bit torn as to whether I like the way I have to enter the level by keyboard or whether I'd rather see something like with the smileys (i.e. some "level menu" opens once "H" is pressed). The former is faster, while the latter doesn't require moving between the mouse and the keyboard. But that's just a detail - not really that important.
| Stefan Ritt wrote: | Tables are a bit harder to implement and will come later. Do you have a proposal for a possible syntax?
[...]
Maybe somehting like
|
| heading 1 | heading 2 | heading 3
| |
| data 1 | data 2 | data 3
|
this looks a bit like the "pipe" mode from a Wiki
what do you think? |
Yup, I remember using that kind of "pipe" structure in Wikis and I actually liked it. I think it's a lot easier to read in the "source" as well - and it reminds me remotely of LaTeX...  Also, it doesn't require much to just type it out instead of using buttons to make the cells. Definitely good enough for the simple type of tables I had in mind! |
|
Attachments in duplicated entries, posted by Bertram Metz on Thu Dec 8 10:32:37 2005
|
Hi,
the duplicate command duplicates the entry text itself, but it does not duplicate attachments.
If attachments in a duplicated entry are deleted, the original attachment files are deleted as well and cannot be accessed anymore within the original entry.
My suggestion is to copy the attached files too and to use file names of the copies in the duplicated entry.
Kind regards,
Bertram |
|
Re: Attachments in duplicated entries, posted by Stefan Ritt on Wed Dec 21 20:54:11 2005
|
| Bertram Metz wrote: | The duplicate command duplicates the entry text itself, but it does not duplicate attachments. If attachments in a duplicated entry are deleted, the original attachment files are deleted as well and cannot be accessed anymore within the original entry.
My suggestion is to copy the attached files too and to use file names of the copies in the duplicated entry. |
I chaned it such that attachments are removed from the duplicated entry, which was easier to implement. I hope this is ok as well. The change is in SVN revision 1584. |
Re: Attachments in duplicated entries, posted by Bertram Metz on Tue Jan 24 14:39:21 2006
|
| Stefan Ritt wrote: |
| Bertram Metz wrote: | The duplicate command duplicates the entry text itself, but it does not duplicate attachments. If attachments in a duplicated entry are deleted, the original attachment files are deleted as well and cannot be accessed anymore within the original entry.
My suggestion is to copy the attached files too and to use file names of the copies in the duplicated entry. |
I chaned it such that attachments are removed from the duplicated entry, which was easier to implement. I hope this is ok as well. The change is in SVN revision 1584. |
Yes, that's ok for me.
Thank you very much Stefan.
Best Regards,
Bertram |
|
redirect errors via apache2, posted by djek on Mon Jan 23 10:30:51 2006
|
Since elog 2.6.0 we cannot redirect our elog via apache2.
in apache2.conf we have (had for a long time):
Redirect permanent /elog http://elog.oursite.com/elog/
ProxyPass /elog/ http://elog.oursite.com:8080/
When visiting the url, this results in:
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /elog/myelog/.
After testing we found that ELOG V2.6.0-beta2 works just fine.
2.6.0 stable crashes after visiting a redirected url.
Running on debian sarge |
|
Re: redirect errors via apache2, posted by Stefan Ritt on Mon Jan 23 10:57:45 2006
|
> Since elog 2.6.0 we cannot redirect our elog via apache2.
>
> in apache2.conf we have (had for a long time):
> Redirect permanent /elog http://elog.oursite.com/elog/
> ProxyPass /elog/ http://elog.oursite.com:8080/
>
> When visiting the url, this results in:
> The proxy server received an invalid response from an upstream server.
> The proxy server could not handle the request GET /elog/myelog/.
>
> After testing we found that ELOG V2.6.0-beta2 works just fine.
> 2.6.0 stable crashes after visiting a redirected url.
>
> Running on debian sarge
Have you tried 2.6.1. I released it just recently, so I don't know when it will be available for Debian. Have you
checked that your "URL = xxx" statement in the config file is correct? I see above "myelog", while the proxy
passes requests to "elog". |
|
Re: redirect errors via apache2, posted by djek on Mon Jan 23 11:18:48 2006
|
> > Since elog 2.6.0 we cannot redirect our elog via apache2.
> >
> > in apache2.conf we have (had for a long time):
> > Redirect permanent /elog http://elog.oursite.com/elog/
> > ProxyPass /elog/ http://elog.oursite.com:8080/
> >
> > When visiting the url, this results in:
> > The proxy server received an invalid response from an upstream server.
> > The proxy server could not handle the request GET /elog/myelog/.
> >
> > After testing we found that ELOG V2.6.0-beta2 works just fine.
> > 2.6.0 stable crashes after visiting a redirected url.
> >
> > Running on debian sarge
>
> Have you tried 2.6.1. I released it just recently, so I don't know when it will be available for Debian.
No it doesn't work with 2.6.1. I hoped it would be fixed, but I should have reported it sooner.
I compiled 2.6.1 myself.
The original version was a debian package, after that, we compile elog ourselves and copy elogd manually over the old
version. Just to stay up-to-date.
> Have you checked that your "URL = xxx" statement in the config file is correct? I see above "myelog", while the
proxy passes requests to "elog".
I changed our urls, just to be safe.
myelog is a 'sublogbook', like forum here. http://elog.oursite.com/elog/myelog
We are running V2.6.0-beta2 and it runs fine, without any alterations to our config files.
All previous versions runned fine too.
update:
After further testing on a different server, it seems to be an issue with the proxy and the proxy_http modules in sarge.
after loading and unloading proxy_http this is the error:
The proxy server received an invalid response from an upstream server. |
|
Buffer Overflow?, posted by Chris Warner on Wed Jan 18 17:20:45 2006
|
Users can access root level directories by using a modified URL. I saw on some security web sites that this was a problem in previous versions. Was it not fixed in 2.6?
To recreate enter http://yourhost.yourdomain.com/../../../../etc/passwd
view your password file in the browser.
If this was previously reported, is there a fix?
Chris Warner |
|
Re: Buffer Overflow?, posted by Stefan Ritt on Thu Jan 19 10:31:05 2006
|
| Chris Warner wrote: | Users can access root level directories by using a modified URL. I saw on some security web sites that this was a problem in previous versions. Was it not fixed in 2.6?
To recreate enter http://yourhost.yourdomain.com/../../../../etc/passwd
view your password file in the browser.
If this was previously reported, is there a fix?
Chris Warner |
Thanks for telling me, I didn't know. I was able to reproduce your problem under certain conditions, and I just released version 2.6.1 to fix it. However it has nothing to do with an old buffer overflow (see elog:941).
I would strongly advise everybody to upgrade as soon as possible. |
Re: Buffer Overflow?, posted by Chris Warner on Fri Jan 20 02:53:40 2006
|
| Stefan Ritt wrote: |
| Chris Warner wrote: | Users can access root level directories by using a modified URL. I saw on some security web sites that this was a problem in previous versions. Was it not fixed in 2.6?
To recreate enter http://yourhost.yourdomain.com/../../../../etc/passwd
view your password file in the browser.
If this was previously reported, is there a fix?
Chris Warner |
Thanks for telling me, I didn't know. I was able to reproduce your problem under certain conditions, and I just released version 2.6.1 to fix it. However it has nothing to do with an old buffer overflow (see elog:941).
I would strongly advise everybody to upgrade as soon as possible. |
Thanks for the quick response! |
In version 2.6 the themes do not work right on Windows., posted by Mark Coudriet on Tue Jan 17 16:04:28 2006
|
In version 2.6 the themes do not work right on Windows.
The URL is fixed at whichever logbook that is selected (e.g. ELOG 2.5.9-4 is <link rel="stylesheet" type="text/css" href="default.css"> & ELOG 2.6.0-1 is <link rel="stylesheet" type="text/css" href="http://localhost:8080/demo/default.css">). |
|
Re: In version 2.6 the themes do not work right on Windows., posted by Stefan Ritt on Wed Jan 18 12:57:30 2006
|
| Quote: | | The URL is fixed at whichever logbook that is selected (e.g. ELOG 2.5.9-4 is <link rel="stylesheet" type="text/css" href="default.css"> & ELOG 2.6.0-1 is <link rel="stylesheet" type="text/css" href="http://localhost:8080/demo/default.css">). |
So what is your problem? Can't you access http://localhost:8080/demo/default.css ?
If so, you could use an
URL = http://{your host}:8080/
option in your config file, where you replace {your host} with your real host name. |
Re: In version 2.6 the themes do not work right on Windows., posted by Mark Coudriet on Thu Jan 19 20:50:29 2006
|
| Stefan Ritt wrote: |
| Quote: | | The URL is fixed at whichever logbook that is selected (e.g. ELOG 2.5.9-4 is <link rel="stylesheet" type="text/css" href="default.css"> & ELOG 2.6.0-1 is <link rel="stylesheet" type="text/css" href="http://localhost:8080/demo/default.css">). |
So what is your problem? Can't you access http://localhost:8080/demo/default.css ?
If so, you could use an
URL = http://{your host}:8080/
option in your config file, where you replace {your host} with your real host name. |
No, because they would have to be in every logbook instead of coming out of the theme directory.
But I just updated to your new version 2.6.1 & everything is fine now. Thanks for your help! |
|
Re: In version 2.6 the themes do not work right on Windows., posted by Stefan Ritt on Thu Jan 19 20:53:01 2006
|
| Mark Coudriet wrote: | | But I just updated to your new version 2.6.1 & everything is fine now. Thanks for your help! |
Japp. I switched back to relative links for CSS again, seems to give less trouble.  |
|
settings for "show only new entries", posted by Ulrich Trüssel on Thu Jan 19 16:59:38 2006
|
how ca i set the date for the "show only new entries" button? maybe i missed somethin on the elog.cfg description?
thank's for hint!  |
|
Re: settings for "show only new entries", posted by Stefan Ritt on Thu Jan 19 17:05:22 2006
|
| Ulrich Trüssel wrote: | how ca i set the date for the "show only new entries" button? maybe i missed somethin on the elog.cfg description?
thank's for hint! |
That button works as follows: When you are active browsing entries, your activity is recorded (only the time) in the password file. Now when you are inactive for more than one hour, you are considered "logged out", and your last activity is taken as a filter for new entries. That means you see new entries since your last activity in the logbook. If you want to see the last day/week/month etc. you can define a quick filter on the date instead. |
|