Changing rights to www-data - DropBox syncing - Permission question

Forum for questions and support relating to the 1.34.x releases only.
Post Reply
Roduss
Posts: 5
Joined: Fri Jun 26, 2020 4:14 pm

Changing rights to www-data - DropBox syncing - Permission question

Post by Roduss »

Good afternoon !
I am running ZM 1.34.15 on Debian Buster.
I've been trying hard to sync my files with DropBox for a few days now. I mounted a filesystem of 2 GB, sucessfully run a filter on it but the file wouldn't be saved because it was created by www-data which is not an admin user.

I tried to add www-data to the sudo group but didn't changed. I finally tried to add it to the sudoers file (etc/sudoers), giving it ALL privileges : %www-data ALL=(ALL:ALL)ALL
And , surprise, the file synced with DropBox!

Only problem then, I was unable to launch ZM anymore .... :shock: :shock:
I removed the line from sudoers, restarted debian and still, nothing on the login page, all blank.
I did a fresh reinstall of ZM (viewtopic.php?t=26129) and reinstall according to the Wiki : https://wiki.zoneminder.com/Debian_10_B ... om_ZM_Repo.
Still nothing. I started looking at logs :
  • in /var/log/zm : All seems to start normally but there is no web_php.log file
  • in /var/log/apache2 : I looked at the last edited error.log and got :
    [Fri Jul 03 12:06:52.425429 2020] [php7:warn] [pid 629] [client 127.0.0.1:45960] PHP Warning: error_log(/var/log/zm/web_php.log): failed to open stream: Permission denied in /usr/share/zoneminder/www/includes/logger.php on line 397

    [Fri Jul 03 12:06:52.425498 2020] [php7:error] [pid 629] [client 127.0.0.1:45960] PHP Fatal error: Can't write to log file '/var/log/zm/web_php.log': error_log(/var/log/zm/web_php.log): failed to open stream: Permission denied @ /usr/share/zoneminder/www/includes/logger.php/397 in /usr/share/zoneminder/www/includes/logger.php on line 400
    (for different pid as well : 1386,626,627 and 1386 again)
    So, from here, I created a web_php.log, giving it chmod 2775 and it started running !
  • As you might expect, lots of permission problems and changing all my system files with chmod 2775 is not a solution :mrgreen:
    For example, I am now unable to open the camera unless I chmod it everytime I want to open it ...
    Logs from ZM : 2020-07-03 14:21:56 zms_m1 1599 ERR Unable to connect to zmc process for monitor 1 zms.cpp 257
    2020-07-03 14:21:56 zms_m1 1599 ERR Unable to connect to monitor id 1 for streaming zm_stream.cpp 53
    2020-07-03 14:21:56 zms_m1 1599 ERR fopen() for /var/log/zm/zms_m1.log, error = Permission denied zm_logger.cpp 418
    2020-07-03 14:21:56 zms_m1 1599 ERR Can't open memory map file /dev/shm/zm.mmap.1, probably not enough space free: Permission denied zm_monitor.cpp 558
    2020-07-03 14:21:55 web_php 644 ERR socket_bind( /var/run/zm/zms-973868w.sock ) failed: Permission denied /usr/share/zoneminder/www/includes/functions.php 2177
    2020-07-03 14:21:54 zmc_dvideo0 885 INF Garage: images:6900 - Capturing at 25.00 fps, capturing bandwidth 30720000bytes/sec zm_monitor.cpp 2544
    2020-07-03 14:21:51 zms_m1 1595 ERR Unable to connect to zmc process for monitor 1 zms.cpp 257
    2020-07-03 14:21:51 zms_m1 1595 ERR Unable to connect to monitor id 1 for streaming zm_stream.cpp 53
    2020-07-03 14:21:51 zms_m1 1595 ERR fopen() for /var/log/zm/zms_m1.log, error = Permission denied zm_logger.cpp 418
    2020-07-03 14:21:51 zms_m1 1595 ERR Can't open memory map file /dev/shm/zm.mmap.1, probably not enough space free: Permission denied
So, from what I've understand, making www-data kind of superuser in the sudoers finally doesn't allow him to access any files ... What am I missing ?
Is there a way to give the user www-data admin privileges then my files will be synced to DropBox ? (Without having to chmod every files ?)
Or is there a way for ZM to create files under the name of my admin user directly instead of using www-data ?

I am kind of confused ...
Thanks a lot for every answer !
Have a wonderful week end watching your home with ZM :P
SkippyDo
Posts: 219
Joined: Mon Nov 20, 2017 6:49 pm

Re: Changing rights to www-data - DropBox syncing - Permission question

Post by SkippyDo »

I've never had to have the web user have super user permissions. ALL directories should be set to be owned by the web user and with group set to the main group of that user ID (install guides suggest to use "www-data" for both): the logger facility will automatically create the log files with the necessary permissions.

As to what dropbox needs to use... perhaps it's own user and being in "www-data" group? I'd want to be careful here since this function is doing lots of file deletes: wouldn't want it get pointed to a location that can wipe your ZM bits.
Roduss
Posts: 5
Joined: Fri Jun 26, 2020 4:14 pm

Re: Changing rights to www-data - DropBox syncing - Permission question

Post by Roduss »

Thanks a lot for the asnwer ! I will change these permissions and ask DropBox about that syncing problem :mrgreen:
Post Reply