Fix Permissions "Security" Note Debian/Ubuntu

Forum for questions and support relating to the 1.34.x releases only.
Post Reply
bbunge
Posts: 2698
Joined: Mon Mar 26, 2012 11:40 am
Location: Pennsylvania

Fix Permissions "Security" Note Debian/Ubuntu

Post by bbunge » Fri Feb 07, 2020 12:40 am

Prior version of my install procedure and install script contained a "Fix Permissions: chown -R www-data:www-data /usr/share/zoneminder/" step.

It has been brought to my attention that this could allow the www-data user to write in this area which is not a good thing.

To correct this on your system run, as root: chown -R root:root /usr/share/zoneminder/

User avatar
iconnor
Posts: 1325
Joined: Fri Oct 29, 2010 1:43 am
Location: Toronto
Contact:

Re: Fix Permissions "Security" Note Debian/Ubuntu

Post by iconnor » Fri Feb 07, 2020 1:46 pm

For some historical context, we used to store events in /usr/share/zoneminder/events and that dir has to be owned by www-data. Same with /usr/share/zoneminder/images etc. I fixed that in 1.32. So there should be no need for write access to anything under /usr/share/zoneminder.

all that stuff got moved to /var/cache/zoneminder/ in ubuntu or more rightly /var/lib/zoneminder in redhat.

So the line should probably be to chown www-data /var/cache/zoneminder ot chwon www-data /var/lib/zoneminder as appropriate.

bbunge
Posts: 2698
Joined: Mon Mar 26, 2012 11:40 am
Location: Pennsylvania

Re: Fix Permissions "Security" Note Debian/Ubuntu

Post by bbunge » Fri Feb 07, 2020 4:13 pm

Just checked my latest Ubuntu Zoneminder production server. /var/cache/zoneminder is at www-data:www-data (set by the Zoneminder install)

As a reminder for those using additional storage such as another HD or remote NAS the storage directory on the drive/device needs to be owned by www-data

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests