Hi, thanks for the report.

On 31/05/14 22:34, ael wrote:
> An ordinary user must be a member of the group motion in order to
> read /etc/motion/motion.conf. This is not documented in the Debian
> packages (unless I missed it, and I looked hard). Perhaps in the
> man page or a /usr/share/doc/motion/README.Debian?
>

I think I will just change it to 644 root:root instead. I see no reason for the program to be able to write its own configuration file, nor to block other users from reading that file. Even /etc/ssh/sshd_config and /etc/tor/torrc are 644 root:root, so I think this is fine from a security point of view.

> In passing, the /etc/motion/motion.conf has several peculiar settings,
> especially
> target_dir /var/lib/motion
> which is not accessible to an ordinary user and a very odd choice.
> I suggest it be commented out in the Debian version, so that the current
> WD default is used.
>

/var/lib/${package} is the standard place to store this sort of data, see the Filesystem Hierarchy Standard (`man hier`). The current WD is not suitable; this config file represents a *system service* that should have a fixed runtime directory. The upstream default /tmp/motion is not suitable since /tmp is supposed to be deletable without notice - again part of the FHS.

For your purposes, I suppose you should make your own config file that omits target_dir, that uses the WD.

X

--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
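An added example, not part of the original message or of the Debian package: a POSIX shell function that audits a config file against the 644 root:root policy discussed above. The function name `audit_conf` and its optional expected uid/gid arguments are assumptions made here so the check can also run on scratch files; it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the bug thread): check a config file against the
# "644 root:root" policy. Expected uid/gid default to 0 (root); passing other
# values is an assumption made here so scratch files can be audited too.
audit_conf() {
    file=$1; want_uid=${2:-0}; want_gid=${3:-0}; findings=0
    [ -f "$file" ] || { echo "$file: not a regular file"; return 2; }
    # GNU stat (as on Debian): octal mode, numeric owner, numeric group
    set -- $(stat -c '%a %u %g' -- "$file")
    mode=$1; uid=$2; gid=$3
    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owner uid $uid, expected $want_uid"; findings=$((findings + 1))
    fi
    if [ "$gid" != "$want_gid" ]; then
        echo "$file: group gid $gid, expected $want_gid"; findings=$((findings + 1))
    fi
    # 022 = write bits for group and other: a daemon running under the file's
    # group (or anyone else) could rewrite its own configuration.
    if [ $((0$mode & 022)) -ne 0 ]; then
        echo "$file: mode $mode is writable by group or other"; findings=$((findings + 1))
    fi
    # 004 = read bit for other: without it ordinary users cannot read the file.
    if [ $((0$mode & 004)) -eq 0 ]; then
        echo "$file: mode $mode is not readable by other users"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed demo: a scratch file with a restrictive, group-writable mode.
demo=$(mktemp); chmod 660 "$demo"
audit_conf "$demo" "$(id -u)" "$(id -g)" || true
rm -f "$demo"
```

On a Debian system, `audit_conf /etc/motion/motion.conf` with no further arguments checks the file against root:root and returns non-zero if any finding is printed.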