cnliberal wrote:Yes, but they'll only be able to compromise the Subsonic install, not the entire server. There should be a service account created to run the actual service. Then a separate web user.
Any suggestions about how to go about doing this? I attempted to chown as subsonic_service:nogroup all the folders that are owned by root in the above posts. However, doing this results in a 503 error.
Matt