Prev: buildbot test failure on freebsd 8.0-stable
Next: Commit ports/147840:
From: Christer Edwards on 25 Jun 2010 16:51
On Fri, Jun 25, 2010 at 8:32 AM, Christer Edwards
<christer.edwards(a)gmail.com> wrote:
> top shows shellinabox running
> sockstat -4 shows IP:4200
> none of my browsers ever connect..
>

I just tried re-installing (after re-downloading your Makefile), and
it's working fine for me now.

Thank you

--
Christer Edwards
_______________________________________________
freebsd-ports(a)freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"

From: Vitaly Magerya on 28 Jun 2010 06:02
Olivier Cochard-Labb� wrote:
> I've just finished my port of Shell in a Box: It's a secure web server
> that provide ajax terminal emulator.
> More information on the official website: http://code.google.com/p/shellinabox/

After looking at the port for a while, I have some suggestions.

The port creates ${PREFIX}/etc/shellinabox directory, chowns it to
nobody and chmods it to 777. The reason for this is that shellinabox
creates certificates during the runtime and stores them into that
directory, but it only does that after dropping to "nobody" user.

As the author of shellinabox notes [1], this is a bad idea, because any
user can read and modify your keys this way. I also have a vague feeling
that storing variable files in ${PREFIX}/etc/shellinabox is a bad idea
as well (to compare, Debian port uses /var/lib/shellinabox).

So what I propose is this:
1. Create "shellinabox" user and group (via USERS and GROUPS).
2. Update rc script to start shellinaboxd with that user and group.
3. Make the certificate directory 700, owned by shellinabox:shellinabox.
4. Move the certificate directory to /var/shellinabox or similar
(what's our conventional location for this kind of files?).

I'm not sure on the 4 though. Any thoughts?

[1] http://code.google.com/p/shellinabox/issues/detail?id=22#c2
_______________________________________________
freebsd-ports(a)freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"

From: Eric on 28 Jun 2010 07:16
> From: Vitaly Magerya <vmagerya(a)gmail.com>
[SNIP]
> 4. Move the certificate directory to /var/shellinabox or similar
> (what's our conventional location for this kind of files?).
>
> I'm not sure on the 4 though. Any thoughts?

Id say possibly /var/db/shellinabox

/var/db/ seems to be used by a fair number of services for record keeping of
various things.


_______________________________________________
freebsd-ports(a)freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"

From: =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= on 28 Jun 2010 07:36
2010/6/28 Vitaly Magerya <vmagerya(a)gmail.com>:

>
> So what I propose is this:
> 1. Create "shellinabox" user and group (via USERS and GROUPS).
> 2. Update rc script to start shellinaboxd with that user and group.
> 3. Make the certificate directory 700, owned by shellinabox:shellinabox.

Thanks for your tips, I've updated the port, here how to proceed now:

cd /usr/port/www
fetch http://gugus69.free.fr/tools/shellinabox.tgz
tar zxvf shellinabox.tgz
cd shellinabox
patch ../../UIDs UIDs.diff
patch ../../GIDs GIDs.diff
make install clean
/usr/local/etc/rc.d/shellinaboxd onestart

For information:
MD5 (shellinabox.tgz) = c553fd6b05d0b136cbef95f8cb808072
I've used the UID/GID 139 that seem available.


> 4. Move the certificate directory to /var/shellinabox or similar
>   (what's our conventional location for this kind of files?).
>
> I'm not sure on the 4 though. Any thoughts?

I let the certificate in /usr/local/etc/shellinabox (on my nanoBSD,
/var is a volatile RAM disk).

Regards,

Olivier
_______________________________________________
freebsd-ports(a)freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"

From: Vitaly Magerya on 28 Jun 2010 08:17
Olivier Cochard-Labb� wrote:
> Thanks for your tips, I've updated the port

Looks good. Works with --disable-ssl on my VirtualBox (but, as before,
not without it).
_______________________________________________
freebsd-ports(a)freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"

First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4
Prev: buildbot test failure on freebsd 8.0-stable
Next: Commit ports/147840: