- run calamaris with uid of 'stats' by default (parsing logs as 'root' could be insecure)

- user/group nobody should never own any file!

Changed files:
    calamaris-croniface -> 1.8
    calamaris.crontab -> 1.5
    calamaris.sysconfig -> 1.8

diff --git a/calamaris-croniface b/calamaris-croniface
index 7ad6ac4922e0bc1ea75788bdb6a6acc00df50006..23ee5c3f9a9ed048084264812507e42824b58bb0 100644 (file)
--- a/calamaris-croniface
+++ b/calamaris-croniface
@@ -13,7 +13,7 @@
 
 # Default configuration.
 SAVE_FORMAT="HTML"
-SAVE_OWNER="nobody.nobody"
+SAVE_OWNER=
 SAVE_PERM="u=rw,g=r,o=r"
 SEND_FORMAT="plain"
 SEND_TO="root"
@@ -75,8 +75,8 @@ make_stats() {
                        ARG="$ARG_PLAIN"
                fi
                call_calamaris "$1" "$ARG" > $3
-               chown $SAVE_OWNER $3
-               chmod $SAVE_PERM $3
+               [ -n "$SAVE_OWNER" ] || chown $SAVE_OWNER $3
+               [ -n "$SAVE_PERM" ] || chmod $SAVE_PERM $3
        fi
 
        # Generate statistics and send them.

diff --git a/calamaris.crontab b/calamaris.crontab
index a7760071aa5bd62443d0527e3423ca1bb5dd24e9..1f03e663c432b1fb6f0b163a7329257bc91f155d 100644 (file)
--- a/calamaris.crontab
+++ b/calamaris.crontab
@@ -1,4 +1,4 @@
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 
-00 4 * * *     root    calamaris-croniface daily
-30 4 * * 0     root    calamaris-croniface weekly
+00 4 * * *     stats   calamaris-croniface daily
+30 4 * * 0     stats   calamaris-croniface weekly

diff --git a/calamaris.sysconfig b/calamaris.sysconfig
index 84cc6afa08836a18a965e6deff3cf739bed1ab85..42eb713f8ae7df6c963bb1eb1b77c88ed1fe536a 100644 (file)
--- a/calamaris.sysconfig
+++ b/calamaris.sysconfig
@@ -19,10 +19,12 @@
 #SAVE_FORMAT="HTML"
 
 # If reports are saved in http daemons directory, they should have correct
-# permissions and owner, so the daemon can read them. By default user and
-# group are "nobody.nobody" and the permissions are "u=rw,g=r,o=r". You can
-# use any syntax accepted by chown and chmod.
-#SAVE_OWNER="nobody.nobody"
+# permissions and owner, so the daemon can read them. This can be changed
+# only when calamaris is run as root (insecure!)
+
+# By default user and group are not set the permissions are "u=rw,g=r,o=r". You
+# can use any syntax accepted by chown and chmod.
+#SAVE_OWNER="root.http"
 #SAVE_PERM="u=rw,g=r,o=r"
 
 # This piece of HTML code is inserted at top of reports generated in HTML