[Icecast] SOLVED Re: Edited: <on-connect> / <on-disconnect> not working
Jordan Erickson
jordan at subj.am
Wed Sep 20 20:43:46 UTC 2023
Hey Jack, good work. Now your next task is to please, *please* clean up
all user/file permissions so if anyone at all has access to a shell on
this system they can't simply wreak havoc on all your hard work :)
Cheers,
Jordan Erickson
https://subj.am/
On 9/20/23 13:28, Jack Elliott wrote:
>
> Thank you, Jordan.
>
> It now works. For the next icecast user who needs to get an
> <on-connect> script to run, I am leaving this here.
>
> Okay, icecast2 is not human user, so no /home directory for it.
>
> /etc/passwd tells me:
>
> icecast2:x:112:119::/usr/share/icecast2:/bin/false
>
> So I copy the working (for my user kpovdjs) /home/kpovdjs/.msmtprc
> file to /usr/share/icecast2 , and change owner to user icecast2
>
> kpovdjs at Icecast-Pi:~ $ ls -la /usr/share/icecast2
> total 20
> drwxr-xr-x 4 root root 4096 Sep 20 11:31 .
> drwxr-xr-x 205 root root 4096 Jul 13 2022 ..
> drwxr-xr-x 2 root root 4096 Apr 22 2017 admin
> -rw-rw-rw- 1 icecast2 root 332 Sep 20 11:31 .msmtprc
> drwxr-xr-x 3 kpovdjs root 4096 May 12 2017 web
>
> So,
>
> icecast2 at Icecast-Pi:/home/kpovdjs$ echo "hello there username." | msmtp -a gmailthatjackelliott at kpov.org
> msmtp: /usr/share/icecast2/.msmtprc: must have no more than user read/write permissions
>
> But now msmtp finds the rc file! So chmod 600 to .msmtprc to get
>
> -rw------- 1 icecast2 root 332 Sep 20 11:31 .msmtprc
>
> and try again . . . and . . . it works! email received. One minor
> permissions issue,
>
> msmtp: cannot log to /home/kpovdjs/bin/msmtp_logfile.log: cannot open: Permission denied
>
> So as owner of the logfile.log:
>
> chmod 666 /home/kpovdjs/bin/msmtp_logfile.log
>
> And all is good.
>
> Many thanks to you and the others who helped me debug this routine.
> Have a good day!
>
> --
> Jack Elliott
> Director of Classical Music Programming
> High Desert Community Radio
> KPOV Bend, Oregon
> On 9/20/23 11:18 AM, Jordan Erickson wrote:
>> You need to put that msmtp config file in Icecast user's configured
>> home directory. Look in /etc/passwd for that or just 'cd ~' as
>> Icecast user. It's likely not /home/icecast2 if you had to create it
>> yourself manually.
>>
>>
>> Cheers,
>> Jordan Erickson
>>
>> https://subj.am/
>> On 9/20/23 11:11, Jack Elliott wrote:
>>>
>>> Hi Jordan, thank you for the suggestion to try msmtp directly as
>>> user icecast2
>>>
>>> First I try as user kpovdjs (me):
>>>
>>> kpovdjs at Icecast-Pi:~/bin $ echo "hello there username." | msmtp -a gmailthatjackelliott at kpov.org
>>>
>>> This does send the email.
>>>
>>> Now su to user icecast2
>>>
>>> icecast2 at Icecast-Pi:/home/kpovdjs/bin$ echo "hello there username." | msmtp -a gmailthatjackelliott at kpov.org
>>> msmtp: account gmail not found: no configuration file available
>>>
>>> Interesting. For user kpovdjs, msmtp finds account information in
>>> /home/kpovdjs/.msmtprc
>>>
>>> But as user icecast2, there is no .msmtprc file in /home/icecast2
>>>
>>> In fact, there is no icecast2 folder in /home
>>>
>>> So I create /home/icecast2
>>>
>>> I copy my user .msmtprc to /home/icecast2
>>>
>>> icecast2 at Icecast-Pi:/home/kpovdjs$ ls -la /home/icecast2
>>> total 12
>>> drwxr-xr-x 2 icecast2 root 4096 Sep 20 10:57 .
>>> drwxr-xr-x 5 root root 4096 Sep 20 10:51 ..
>>> -rw-r--r-- 1 icecast2 root 332 Sep 20 10:57 .msmtprc
>>>
>>> Now I try again:
>>>
>>> icecast2 at Icecast-Pi:/home/kpovdjs$ echo "hello there username." | msmtp -a gmailthatjackelliott at kpov.org
>>> msmtp: account gmail not found: no configuration file available
>>>
>>> If msmtp cannot find its rc file in /home/icecast2, then maybe there
>>> is a way to specify the location.
>>>
>>> --
>>> Jack Elliott
>>> Director of Classical Music Programming
>>> High Desert Community Radio
>>> KPOV Bend, Oregon
>>> On 9/20/23 10:35 AM, Jordan Erickson wrote:
>>>> Hi Jack,
>>>>
>>>> Have you tried, as the icecast2 user, interactively using the msmtp
>>>> command instead of with your script? Try this, it will narrow down
>>>> the variables. Also, check to see if your iceast2 user has the
>>>> required group membership(s), if any, to send mail from that machine.
>>>>
>>>>
>>>> Cheers,
>>>> Jordan Erickson
>>>>
>>>> https://subj.am/
>>>> On 9/20/23 10:32, Jack Elliott wrote:
>>>>>
>>>>> Thank you, Philipp Schafft,
>>>>>
>>>>> Okay my amateur bash script is badly written and I will clean it up.
>>>>>
>>>>> But I don't think my clumsy scripting explains why I can run the
>>>>> script as user kpovdjs, but not as user icecast2?
>>>>>
>>>>> It uses /usr/bin/msptp and
>>>>>
>>>>> kpovdjs at Icecast-Pi:~/bin $ ls -l /usr/bin/msmtp
>>>>> -rwxr-xr-x 1 root root 83848 Jun 19 2014 /usr/bin/msmtp
>>>>>
>>>>> So that isn't a problem.
>>>>>
>>>>> And the script:
>>>>>
>>>>> kpovdjs at Icecast-Pi:~/bin $ ls -l email_onconnect.sh
>>>>> -rwxrwxrwx 1 kpovdjs kpovdjs 422 Sep 20 10:08 email_onconnect.sh
>>>>>
>>>>> Yes, I have tried running the script as user kpovdjs and it works.
>>>>> And the same command as user icecast2 does not work and does not
>>>>> make an error message.
>>>>>
>>>>> Thomas Zumbrunnen wonders about my mount point definition, this is it:
>>>>>
>>>>> <mount type="normal">
>>>>> <mount-name>/stream</mount-name>
>>>>> <fallback-mount>/fallbacks/Generic_Silence_192kbps_48kHz.mp3</fallback-mount>
>>>>> <fallback-override>1</fallback-override>
>>>>> <fallback-when-full>1</fallback-when-full>
>>>>> <burst-size>65535</burst-size>
>>>>> <on-connect>/home/kpovdjs/bin/email_onconnect.sh</on-connect>
>>>>> <on-disconnect>/home/kpovdjs/bin/email_ondisconnect.sh</on-disconnect>
>>>>> <no-yp>1</no-yp>
>>>>> </mount>
>>>>>
>>>>> Thank you, everyone!
>>>>>
>>>>> --
>>>>> Jack Elliott
>>>>> Director of Classical Music Programming
>>>>> High Desert Community Radio
>>>>> KPOV Bend, Oregon
>>>>> On 9/20/23 8:44 AM, Philipp Schafft wrote:
>>>>>> Good morning,
>>>>>>
>>>>>> On Wed, 2023-09-20 at 08:24 -0700, Jack Elliott wrote:
>>>>>>> Hi all,
>>>>>>> I am still trying to debug this. Summary, I am using <on-connect> in
>>>>>>> my icecast.xml to launch an email when a source-client connects.
>>>>>>> Here is the line in icecast.xml:
>>>>>>> <on-connect>/home/kpovdjs/bin/email_onconnect.sh</on-connect>
>>>>>>> The problem is that this script doesn't do anything when icecast runs
>>>>>>> it.
>>>>>>> The script works if I run it as user kpovdjs (me). But if I su to
>>>>>>> user icecast2, it does nothing.
>>>>>>> "email_onconnect.sh" is:
>>>>>>> #!/bin/bash
>>>>>>> set -x
>>>>>>>
>>>>>>> #thatjackelliott at kpov.org
>>>>>>>
>>>>>>> printf "To:thatjackelliott at kpov.org\nFrom:kpovcomputer at gmail.com\nS
>>>>>>> ubject: Remote host has connected to mountpoint $1 on the
>>>>>>> Backstream\n\n KPOV Icecast server on IcecastPi has detected a
>>>>>>> connection on the backstream." > /home/kpovdjs/bin/on_connect.txt
>>>>>>> /usr/bin/msmtpthatjackelliott at kpov.org <
>>>>>>> /home/kpovdjs/bin/on_connect.txt >/home/kpovdjs/bin/msmtp.log 2>&1
>>>>>> Your printf is wrong here.
>>>>>> NEVER do something like: printf "bla $blubb bla\n";
>>>>>> ALWAYS do: printf "bla %s bla\n" "$blubb";
>>>>>>
>>>>>> That is exactly why we use printf in the first place. This is the
>>>>>> reason it exists.
>>>>>>
>>>>>> Also you can just pipe your output between the commands. No need for a
>>>>>> tempfile (which also adds many problems, from permissions to race
>>>>>> conditions).
>>>>>>
>>>>>>
>>>>>>> If I run it as user kpovdjs (me), it sends the email, and this is the
>>>>>>> debug output:
>>>>>>> kpovdjs at Icecast-Pi:~/bin $ ./email_onconnect.sh
>>>>>>> + printf 'To:thatjackelliott at kpov.org\nFrom:kpovcomputer at gmail.com\
>>>>>>> nSubject: Remote host has connected to mountpoint on the
>>>>>>> Backstream\n\n KPOV Icecast server on IcecastPi has detected a
>>>>>>> connection on the backstream.'
>>>>>>> + /usr/bin/msmtpthatjackelliott at kpov.org
>>>>>>> But as user icecast2, the debug output is the same, but no email
>>>>>>> sent:
>>>>>>> icecast2 at Icecast-Pi:/home/kpovdjs/bin$ ./email_onconnect.sh
>>>>>>> + printf 'To:thatjackelliott at kpov.org\nFrom:kpovcomputer at gmail.com\
>>>>>>> nSubject: Remote host has connected to mountpoint on the
>>>>>>> Backstream\n\n KPOV Icecast server on IcecastPi has detected a
>>>>>>> connection on the backstream.'
>>>>>>> + /usr/bin/msmtpthatjackelliott at kpov.org
>>>>>> Are you sure /usr/bin/msmtp works as the Icecast user?
>>>>>> Have you tried to run that script as the same user as Icecast?
>>>>>> e.g.: sudo -u icecast /path/to/script
>>>>>>
>>>>>>
>>>>>>> For debug purposes, I have rwxrwxrwx permission set from / and down
>>>>>>> to and including the script.
>>>>>>> -rwxrwxrwx 1 kpovdjs kpovdjs 414 Sep 17 10:59 email_onconnect.sh
>>>>>> I hope that is a really really bad joke.
>>>>>>
>>>>>>
>>>>>>> For further debug purposes, I made a copy of the .sh script and
>>>>>>> chowned it to user icecast2.
>>>>>>> -rwxr-xr-x 1 icecast2 icecast 414 Sep 20 08:08
>>>>>>> email_onconnect_usericecast2.sh
>>>>>>> It also does not send the email when I invoke it as user icecast2.
>>>>>>> The "set -x" debug output is the same.
>>>>>>> At this point it seems that this is not a icecast issue, per se, but
>>>>>>> some sneaky subtle weird annoying little Linux thing. However, if
>>>>>>> anyone here has an idea on how I might solve it, it would be very
>>>>>>> much appreciated.
>>>>>> Not the wording I would use.
>>>>>>
>>>>>> You could check Icecast's error.log to see if it reports a problem.
>>>>>>
>>>>>> Other than that you really first need to establish that the script
>>>>>> actually works running as that user.
>>>>>>
>>>>>>
>>>>>>> Thank you!
>>>>>>> ===========================
>>>>>>>
>>>>>>> Very cool, I haven't encountered the "set -x" debug flag before.
>>>>>>> However, the output isn't as interesting as I hoped:
>>>>>>>
>>>>>>> icecast2 at Icecast-Pi:/home/kpovdjs/bin$ ./email_onconnect.sh
>>>>>>> + printf 'To:thatjackelliott at kpov.org\nFrom:kpovcomputer at gmail.com\nS
>>>>>>> ubject: Remote host has connected to mountpoint on the Backstream\n\n
>>>>>>> KPOV Icecast server on IcecastPi has detected a connection on the
>>>>>>> backstream.'
>>>>>>> + /usr/bin/msmtpthatjackelliott at kpov.org
>>>>>>> icecast2 at Icecast-Pi:/home/kpovdjs/bin$
>>>>>>>
>>>>>>> Thank you!
>>>>>>>
>>>>>>>> Hi
>>>>>>>>
>>>>>>>> For debuging purpose put
>>>>>>>> set -x in the row after #!/bin/bash
>>>>>>>> and execute the script. Post the whole output here.
>>>>>>>>
>>>>>>>> Cheers
>>>>>>>> Tom
>>>>>>>> Am 17. Sept. 2023, 19:42 +0200 schrieb Jack Elliott <
>>>>>>>> that.jack.elliott at gmail.com>:
>>>>>>>>> Hi Jordan,
>>>>>>>>>
>>>>>>>>> Here is my script:
>>>>>>>>>
>>>>>>>>> #!/bin/bash
>>>>>>>>>
>>>>>>>>> #thatjackelliott at kpov.org
>>>>>>>>>
>>>>>>>>> printf"To:thatjackelliott at kpov.org\nFrom:kpovcomputer at gmail.com\
>>>>>>>>> nSubject: Remote host has connected to mountpoint $1 on the
>>>>>>>>> Backstream\n\n KPOV Icecast server on IcecastPi has detected a
>>>>>>>>> connection on the backstream." >
>>>>>>>>> /home/my_username/bin/on_connect.txt
>>>>>>>>> /usr/bin/msmtpthatjackelliott at kpov.org <
>>>>>>>>> /home/my_username/bin/on_connect.txt
>>>>>>>>>> /home/my_username/bin/msmtp.log 2>&1
>>>>>>>>> This script has rwx set for everyone (for debugging).
>>>>>>>>>
>>>>>>>>> Thank you!
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Jack Elliott
>>>>>>>>> Director of Classical Music Programming
>>>>>>>>> High Desert Community Radio
>>>>>>>>> KPOV Bend, Oregon
>>>>>>>>> On 9/17/23 8:25 AM, Jordan Erickson wrote:
>>>>>>>>>> Hi Jack,
>>>>>>>>>>
>>>>>>>>>> You said:
>>>>>>>>>>
>>>>>>>>>> ---
>>>>>>>>>> Okay now that I am user icecast2, let me see if the script I
>>>>>>>>>> want the Icecast server to run <on-connect> runs, so . . .
>>>>>>>>>> icecast2 at icecast-Pi: $ ./email_onconnect.sh
>>>>>>>>>>
>>>>>>>>>> and the prompt returns immediately, no error message, but no
>>>>>>>>>> email received. But if I su back to my_username and try the
>>>>>>>>>> script, it runs and an email is received.
>>>>>>>>>>
>>>>>>>>>> ---
>>>>>>>>>>
>>>>>>>>>> This tells me that your script is not doing what it needs to do
>>>>>>>>>> as the Icecast user. Since you're doing it outside of Icecast,
>>>>>>>>>> it's not the <on-connect> or <on-disconnect> triggers that are
>>>>>>>>>> failing. It would be helpful if you could paste your script
>>>>>>>>>> (sensitive info like passwords removed) here.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Cheers,
>>>>>>>>>> Jordan
>>>>>>>>>> https://subj.am/
>>>>>
>>>>> _______________________________________________
>>>>> Icecast mailing list
>>>>> Icecast at xiph.org
>>>>> http://lists.xiph.org/mailman/listinfo/icecast
>>>>
>>>>
>>>> _______________________________________________
>>>> Icecast mailing list
>>>> Icecast at xiph.org
>>>> http://lists.xiph.org/mailman/listinfo/icecast
>>>
>>> _______________________________________________
>>> Icecast mailing list
>>> Icecast at xiph.org
>>> http://lists.xiph.org/mailman/listinfo/icecast
>>
>>
>> _______________________________________________
>> Icecast mailing list
>> Icecast at xiph.org
>> http://lists.xiph.org/mailman/listinfo/icecast
>
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20230920/eea98533/attachment.htm>
More information about the Icecast
mailing list