Security in Ubuntu/Linux

Posted:
Mon Dec 27, 2010 8:02 pm
by OM NOM NOM
I've really enjoyed using Subsonic to help my band share songs we're working on etc. Really a fantastic app!
I'd very much like to move it to an Ubuntu/Linux platform, but I am concerned about Subsonic's default security. If possible it would really be great if:
- By default Subsonic ran as an unprivileged user rather than root.
- There could be some type of basic SSL support, or at least a way to encrypt the login username and password.
I've seen and tried the workarounds posted in the forums, but I was unable to get them working successfully. While I appreciate the talent of the folks who posted these workarounds, 25+ steps for enabling SSL is a bit much. Perhaps there could be a higher security version that is a paid app? If so I'd be more than happy to buy it!
Thanks for listening!

Posted:
Wed Dec 29, 2010 2:40 pm
by baaldemon
Rather than installing the standalone version, run Subsonic from Apache Tomcat. Simply download the WAR and deploy it yourself to Tomcat. It then runs as the tomcat user and you can easily set up SSL following various Tomcat guides.
The installation is no more complicated doing it this way and you are running on a much more scalable/reliable server.

Posted:
Wed Dec 29, 2010 2:45 pm
by OM NOM NOM
Ah - I was wondering about that! Thanks I'll give it a try!

Posted:
Thu Dec 30, 2010 4:16 pm
by OM NOM NOM
Did the Tomcat/WAR install and it still sets ownership of incoming files as Root, so it must be something in the application itself. Disappointing.

Posted:
Thu Dec 30, 2010 6:50 pm
by baaldemon
You need to make sure your Tomcat server is set up to run as a specific user. Check what TOMCAT_USER is set to in tomcat.conf. Not sure what version you're running or how Ubuntu sets it up, but the file should be in /etc/tomcat/ or /etc/tomcat#/ where # represents the version of Tomcat you are running, probably tomcat6.
Run ps aux | grep tomcat and see what user it's running as. It seems odd that Ubuntu would preconfigure it to run as root, as that is generally advised against. But double check your setup because it should work properly. My files are created on the server with the user that is running Tomcat.
Also, a note on this: you need to ensure that the user you have Tomcat running as has proper permissions on your directories (don't forget about /var/subsonic/).

Posted:
Fri Dec 31, 2010 6:39 am
by OM NOM NOM
Thanks for the help, I'll take a look. I opted for the "straight" Tomcat installation rather than from the Ubuntu repositories, as I read on some forums that the repo version has some challenges. I used Sean P. Keown's guide in the forums to set it up (minus the SSL part):
http://forum.subsonic.org/forum/viewtop ... bsonic+ssl

Posted:
Fri Dec 31, 2010 4:15 pm
by baaldemon
Ah, that guide gives a very limited Tomcat init script that causes it to run as root. Here's an example of a more complete startup script that has the options to run it as an unprivileged user:
http://bealetech.com/blogs/sean/2010/07 ... ipt-ubuntu

Posted:
Fri Dec 31, 2010 4:36 pm
by OM NOM NOM
Fantastic - can't wait to try it out...thanks for your help and happy new year!

Posted:
Sat Jan 01, 2011 11:21 pm
by seanpkeown
Updated the walk through to provide this. This script is a little shorter but it should do the job.
Code:
#!/bin/bash
# description: Auto-starts tomcat
# processname: tomcat
# pidfile: /var/run/tomcat.pid

TOMCAT_HOME=/usr/local/tomcat
export JAVA_HOME=/usr/lib/jvm/java-6-sun-1.6.0.22
# Unprivileged account that Tomcat runs as
USERNAME=subsonic
RETVAL=0

# su hands the script path to $USERNAME's login shell, so Tomcat
# starts as that user instead of root.
case "$1" in
    start)
        if [ -f "$TOMCAT_HOME/bin/startup.sh" ]; then
            echo $"Starting Tomcat"
            /bin/su "$USERNAME" "$TOMCAT_HOME/bin/startup.sh"
            RETVAL=$?
        fi
        ;;
    stop)
        if [ -f "$TOMCAT_HOME/bin/shutdown.sh" ]; then
            echo $"Stopping Tomcat"
            /bin/su "$USERNAME" "$TOMCAT_HOME/bin/shutdown.sh"
            RETVAL=$?
        fi
        ;;
    restart)
        echo $"Restarting Tomcat"
        /bin/su "$USERNAME" "$TOMCAT_HOME/bin/shutdown.sh"
        /bin/su "$USERNAME" "$TOMCAT_HOME/bin/startup.sh"
        RETVAL=$?
        ;;
esac
# Report the exit status of the last startup/shutdown call
exit $RETVAL
Enjoy
~ Sean K
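
The ps aux | grep tomcat check suggested earlier in the thread can be scripted to confirm that an init script like the one above took effect. This is an added example, not code from the thread or from Subsonic; the function names and the sample ps output are constructed, and it assumes Tomcat was launched through its standard org.apache.catalina.startup.Bootstrap main class.

```shell
#!/bin/sh
# Added example, not from the thread. The sample ps output below is constructed.

# Read `ps aux`-style text on stdin; print each distinct user owning a Tomcat JVM.
# Requiring the java binary plus Tomcat's Bootstrap main class keeps the
# "grep tomcat" process itself out of the result.
tomcat_owners() {
    awk '$1 != "USER" && $11 ~ /(^|\/)java$/ {
        cmd = ""
        for (i = 12; i <= NF; i++) cmd = cmd " " $i
        if (cmd ~ /org\.apache\.catalina\.startup\.Bootstrap/) print $1
    }' | sort -u
}

# Exit status: 0 = only unprivileged owners, 1 = a JVM runs as root, 2 = none found.
audit_tomcat_owner() {
    owners=$(tomcat_owners)
    if [ -z "$owners" ]; then
        echo "no Tomcat process found"
        return 2
    fi
    rc=0
    for u in $owners; do
        if [ "$u" = "root" ]; then
            echo "FAIL: Tomcat is running as root"
            rc=1
        else
            echo "OK: Tomcat is running as $u"
        fi
    done
    return $rc
}

# Constructed samples: Tomcat started as root, then started with USERNAME=subsonic.
SAMPLE_ROOT='USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      1412  1.2  9.8 712340 99120 ?        Sl   16:01   0:14 /usr/lib/jvm/java-6-sun-1.6.0.22/bin/java -Dcatalina.home=/usr/local/tomcat org.apache.catalina.startup.Bootstrap start
om        2210  0.0  0.0   7624   920 pts/0    S+   16:20   0:00 grep tomcat'
SAMPLE_FIXED='USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
subsonic  1533  1.1  9.7 712340 98876 ?        Sl   16:31   0:12 /usr/lib/jvm/java-6-sun-1.6.0.22/bin/java -Dcatalina.home=/usr/local/tomcat org.apache.catalina.startup.Bootstrap start
om        2244  0.0  0.0   7624   920 pts/0    S+   16:40   0:00 grep tomcat'

printf '%s\n' "$SAMPLE_ROOT" | audit_tomcat_owner || true
printf '%s\n' "$SAMPLE_FIXED" | audit_tomcat_owner
# On a live host: ps aux | audit_tomcat_owner
```
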

Posted:
Sun Jan 02, 2011 2:53 am
by OM NOM NOM
Sean - thanks to you as well for the detailed walkthrough. I'll give it a go ASAP.