PIRATEBOX

Developer notes about droopy-minidlna fix (Raspberry Pi only)

Posted by BlueSpider 
This forum is currently read only. You can not log in or make any changes. This is a temporary situation.
Now, this forum is in read-only mode. You find details Details hereContinue on /r/PirateBox
Forum List Message List New Topic
BlueSpider
Developer notes about droopy-minidlna fix (Raspberry Pi only)
June 27, 2015 12:04PM
As zebul666 wrote in another topic, there was a permission issue in the old image.

The piratebox configuration requires that minidlna has at least read access to the files you upload using droopy.
Both services run with different accounts (minidlna and nobody) which prevents minidlna from accessing those files.

First solution could be to change minidlna to run as nobody.nogroup as well, but this would require to patch the minidlna package. The reason is, that there are other files which belong to minidlna.minidlna like in /var/run/.
Package modification should be seen as last option, because you could get into trouble if you update the packages later.

My idea was to make no changes to out of the box packages and to tweak the system only a bit.
1. Allow minidlna to access the files written by droopy 
usermod -a -G nogroup.minidlna

2. Add a single line of code to droopy in order to change file permission to 644
Since Matthias applied this fix already to github, I will not bore you with code.
The default permission was 600 and without this modification there would be no benefit from adding minidlna into the nogroup group.

3. Allow minidlna to write into /opt/piratebox/tmp which belongs to nobody.nogroup with permission 755 
chmod 775 /opt/piratebox/tmp

@Matthias, we should discuss if this solution should be implemented in github as well, or if you prefere another way.
Reply Quote
Matthias
Re: Developer notes about droopy-minidlna fix (Raspberry Pi only)
July 04, 2015 11:52AM
Sorry for my late response, first I wanted to take a few calm minutes to think about it.

I think overall changing droopy is the right way to go. I see no point in making freshly uploaded files 600 only; only in condition where such a feature would be useful, I wouldn't recommend droopy as the tool of choice.

AFAIK, all directories used by minidlna with the configuration shipped from opt/piratebox/src is pointing to one using the permissions nobody:nogroup.
I don't know much about systemd yet, but I know it is possible to create some sort of "overwriting" file. That wouldn't require a patch of the systemd-service file, but you can overwrite specific lines with that functionality. But, I don't know if you can call it as a normal CLI command where you can pipe commands into.

This is only my signature.
Reply Quote
Newer Topic Older Topic