I've really enjoyed using Subsonic to help my band share songs we're working on etc. Really a fantastic app!
I'd very much like to move it to an Ubuntu/Linux platform, but I am concerned about Subsonic's default security. If possible it would really be great if:
- By default Subsonic ran as an unprivileged user rather than root.
- There could be some type of basic SSL support, or at least a way to encrypt the login username and password.
I've seen and tried the workarounds posted in the forums, but I was unable to get them working successfully. While I appreciate the talent of the folks who posted these workarounds, 25+ steps for enabling SSL is a bit much. Perhaps there could be a higher security version that is a paid app? If so I'd be more than happy to buy it!
Thanks for listening!
Security in Ubuntu/Linux
Moderator: moderators
10 posts
• Page 1 of 1
Security in Ubuntu/Linux
by OM NOM NOM » Mon Dec 27, 2010 8:02 pm
-
OM NOM NOM - Posts: 11
- Joined: Fri Mar 26, 2010 4:02 pm
by baaldemon » Wed Dec 29, 2010 2:40 pm
Rather than installing the standalone version run subsonic from Apache Tomcat. Simply download the war and deploy it yourself to tomcat. It then runs as the tomcat user and you can easily setup ssl following various tomcat guides.
The installation is no more complicated doing it this way and you are running on a much more scalable/reliable server.
The installation is no more complicated doing it this way and you are running on a much more scalable/reliable server.
- baaldemon
- Posts: 99
- Joined: Fri May 07, 2010 11:54 am
by OM NOM NOM » Wed Dec 29, 2010 2:45 pm
Ah - I was wondering about that! Thanks I'll give it a try!
-
OM NOM NOM - Posts: 11
- Joined: Fri Mar 26, 2010 4:02 pm
by OM NOM NOM » Thu Dec 30, 2010 4:16 pm
Did the Tomcat/WAR install and it still sets ownership of incoming files as Root, so it must be something in the application itself. Disappointing.
-
OM NOM NOM - Posts: 11
- Joined: Fri Mar 26, 2010 4:02 pm
by baaldemon » Thu Dec 30, 2010 6:50 pm
You need to make sure your tomcat server is setup to run as a specific user. Check what the TOMCAT_USER is set to tomcat.conf not sure what version your running or how ubuntu sets it up but the file should be in /etc/tomcat/ or /etc/tomcat#/ where # represents the version of tomcat you are running, probably tomcat6.
run ps aux |grep tomcat and see what user its running as. It seems odd that ubuntu would preconfigure it run as root, as that is generally advised against. But double check your setup because it should work properly. My files are created on the server with the user that is running tomcat.
Also a note on this is that you need to ensure that the user you have running tomcat as has propper permissions on your directories (dont forget about /var/subsonic/)
run ps aux |grep tomcat and see what user its running as. It seems odd that ubuntu would preconfigure it run as root, as that is generally advised against. But double check your setup because it should work properly. My files are created on the server with the user that is running tomcat.
Also a note on this is that you need to ensure that the user you have running tomcat as has propper permissions on your directories (dont forget about /var/subsonic/)
- baaldemon
- Posts: 99
- Joined: Fri May 07, 2010 11:54 am
by OM NOM NOM » Fri Dec 31, 2010 6:39 am
Thanks for the help, I'll take a look. I opted for the "straight" tomcat installation rather from the ubuntu repositories as I read on some forums that the repo version has some challenges. I used Sean P. Keown's guide in the forums to set it up (minus the SSL part):
http://forum.subsonic.org/forum/viewtop ... bsonic+ssl
http://forum.subsonic.org/forum/viewtop ... bsonic+ssl
-
OM NOM NOM - Posts: 11
- Joined: Fri Mar 26, 2010 4:02 pm
by baaldemon » Fri Dec 31, 2010 4:15 pm
Ah, that guide gives a very limited tomcat init script that causes it to run as root. Heres an example of a more complete startup script that has the options to run it as an unprivileged user http://bealetech.com/blogs/sean/2010/07 ... ipt-ubuntu
- baaldemon
- Posts: 99
- Joined: Fri May 07, 2010 11:54 am
by OM NOM NOM » Fri Dec 31, 2010 4:36 pm
Fantastic - can't wait to try it out...thanks for your help and happy new year!
-
OM NOM NOM - Posts: 11
- Joined: Fri Mar 26, 2010 4:02 pm
by seanpkeown » Sat Jan 01, 2011 11:21 pm
baaldemon wrote:Ah, that guide gives a very limited tomcat init script that causes it to run as root. Heres an example of a more complete startup script that has the options to run it as an unprivileged user http://bealetech.com/blogs/sean/2010/07 ... ipt-ubuntu
Updated the walk through to provide this. This script is a little shorter but it should do the job.
- Code: Select all
# description: Auto-starts tomcat
# processname: tomcat
# pidfile: /var/run/tomcat.pid
RETVAL=$?
TOMCAT_HOME=/usr/local/tomcat
export JAVA_HOME=/usr/lib/jvm/java-6-sun-1.6.0.22
USERNAME=subsonic
case $1 in
start)
if [ -f $TOMCAT_HOME/bin/startup.sh ];
then
echo $"Starting Tomcat"
/bin/su $USERNAME $TOMCAT_HOME/bin/startup.sh
fi
;;
stop)
if [ -f $TOMCAT_HOME/bin/shutdown.sh ];
then
echo $"Stopping Tomcat"
/bin/su $USERNAME $TOMCAT_HOME/bin/shutdown.sh
fi
;;
restart)
echo $"Restarting Tomcat"
/bin/su $USERNAME $TOMCAT_HOME/bin/shutdown.sh
/bin/su $USERNAME $TOMCAT_HOME/bin/startup.sh
;;
esac
exit $RETVAL
Enjoy
~ Sean K
- seanpkeown
- Posts: 100
- Joined: Tue Jun 09, 2009 10:41 pm
by OM NOM NOM » Sun Jan 02, 2011 2:53 am
Sean - thanks to you as well for the detailed walkthrough. I'll give it a go ASAP.
-
OM NOM NOM - Posts: 11
- Joined: Fri Mar 26, 2010 4:02 pm
10 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 5 guests