[icecast] A few Newbie Questions
Sean /The RIMBoy/
sean at rimboy.com
Sun Feb 25 14:16:15 UTC 2001
You're going to need root access. Presumably you have it if you have
control over icecast.
You could do a simple adduser. Then use your favorite editor and open up
the /etc/passwd file (again as root). You'll need to read up on what each
of the fields are, but in short you'll want to * the password
field for that new user. You'll also want to change the shell to
/bin/false.
Basically at that point you should have a non-priv'd acct.
Anyone else have any suggestions?
On Sun, 25 Feb 2001, Andrew M. Wu wrote:
> One question though - how do I create a pseudo user?
>
> Thanks,
>
> Andrew
>
> On Sun, 25 Feb 2001, Michael Faurot wrote:
>
> > In article <983130226.25873 at phzzzt.atww.org> you wrote:
> >
> > : 1) With regards to the recent buffer-overflow exploit and the
> > : recommendation of running icecast as a non-root user, how exactly does
> > : one do that?
> >
> > I do it via "su". I use a pseudo user named "ice" and have this in a
> > shell program that starts icecast:
> >
> > exec su --login -c "/usr/local/icecast/bin/icecast" ice &
> >
> > NOTE: root needs to run this, so it won't be prompted for a password.
> > Once run, the icecast process itself will be owned by user "ice".
> >
> > : I've compiled icecast with both encryption and tcp_wrappers enabled.
> > : I've added to my /etc/hosts.deny file the line
> > [...]
> > : I believe that those files however are readable only by root
> >
> > They shouldn't be. Generally /etc/hosts.allow and /etc/hosts.deny have
> > permissions of 644 and owned by user root and group root. This will be
> > fine if icecast is run as an unprivledged user as it only needs to be
> > able to read those files--not write or modify them.
> >
> > --
> > ------------------------------------------------------------------------------
> > Michael | mfaurot | You have the power to influence all with whom you come
> > Faurot | atww.net | in contact.
> >
> > --- >8 ----
> > List archives: http://www.xiph.org/archives/
> > icecast project homepage: http://www.icecast.org/
> > To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
> > containing only the word 'unsubscribe' in the body. No subject is needed.
> > Unsubscribe messages sent to the list will be ignored/filtered.
> >
>
>
> --- >8 ----
> List archives: http://www.xiph.org/archives/
> icecast project homepage: http://www.icecast.org/
> To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
> containing only the word 'unsubscribe' in the body. No subject is needed.
> Unsubscribe messages sent to the list will be ignored/filtered.
>
--
Sean...
A flute with no holes is not a flute. A donut with no hole is a danish.
--Chevy Chase, Caddyshack
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
www.rimboy.com <-- Your source for the crap you know you need.
www.rimboy.com/rimdistro/rimiradio <-- Icecast server on a floppy! (i486+)
--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Icecast
mailing list