Hi to all,
I just started this thread, because I noticed sometime problems with my additional installation of FHEM within my IPFire installation. This happens, when permissions or other things changed within the IP Fire installation, which I have to handle in my additional installation.
I get the hint, that it will be better to use the user “nobody” instead of the own additional user, which can be a security leak as well.
Here are the first Items I have to change:
User in my start/stops scripts within “init.d”/rc0.d/rc3.d/rc6.d
sudo -u nobody /opt/fhem/fhem.pl /opt/fhem/fhem.cfg
I have to access USB sticks for the data reading of the sensors and need network access.
usermod -G tty nobody
will be o.k.
As well the program is placed in /opt/fhem, I have to change the rights
drwxr-xr-x 13 nobody root 4096 Jun 23 10:41 fhem
same for the data looging area:
drwxr-xr-x 3 nobody root 4096 Jul 12 2020 fhem
There is a web gui in the same matter as ipfire will have,
I guess, I do not have to change here anything ?
Feel free to give me any hints to get it secure as possible.
How can I updated the system ?
Do I have to login as nobody, when I have to update some perl files ?