Zoneminder 1.27.0
Posted: Sat Sep 06, 2014 9:13 pm
Hello,
i'm using Zoneminder for two years now (from the official Ubuntu 12.04 repository and now from the PPA, as i've tried it today)
It's a good piece of software, but i always was baffled by some functionnalities which were never fully implemented and thus misguiding, like the autorisations, and the last version 1.27.0 seems even worse that the older ones.
The config file /etc/zm/zm.conf was designed to use different web users (ZM_WEB_USER and ZM_WEB_GROUP), which in my case is not www-data.
As a matter of fact, there's plenty of good reasons to run Apache and Zoneminder as an another user, the more obvious is when you want ZM to access a NFS folder, with some fixed user.
It's not the most common situation for everybody, but the most common when you set up ZM as a professional (you don't use local disks, but some remote fat NAS, which is not the ZM server).
As the files ZM writes must have some specific owner, the ZM daemon and Apache must run on this specific user.
It's easily done within Apache, but it's a not well implemented within ZM, because even if you specify some user within zm.conf, the permissions on the program files and directories are reset to www-data when an update is applied.
Which is a real pain, when you have ZM instances, and they stop working during the night the software is updated.
With my experience, I've created a list of files/directories to set permissions onto, like /var/cache/zoneminder, or /tmp/zm, but i have to manually correct the permissions on all the servers i manage.
The ownership should be based on the configuration file, or at least well documented for beginners, even more because the logs are quite laconic.
FAT Can't connect: Permission denied zmdc.pl
FAT Can't bind: Permission denied
OK, which file are we talking about ... ?
As I said, the latest version (1.27.0) is even worse, because the www-data is hard coded within the /etc/init.d/zoneminder script. It totally breaks the service if ZM_WEB_USER is specified and different from www-data ...
start() {
echo -n "Starting $prog: "
mkdir -p $RUNDIR && chown www-data:www-data $RUNDIR
mkdir -p $TMPDIR && chown www-data:www-data $TMPDIR
$command start
RETVAL=$?
[ $RETVAL = 0 ] && echo success
[ $RETVAL != 0 ] && echo failure
echo
[ $RETVAL = 0 ] && touch /var/lock/zm
return $RETVAL
}
Can you please correct the specified bug, and pay special attention to the ZM_WEB_USER and ZM_WEB_GROUP implementation ?
Thanks =)
MilonZ
i'm using Zoneminder for two years now (from the official Ubuntu 12.04 repository and now from the PPA, as i've tried it today)
It's a good piece of software, but i always was baffled by some functionnalities which were never fully implemented and thus misguiding, like the autorisations, and the last version 1.27.0 seems even worse that the older ones.
The config file /etc/zm/zm.conf was designed to use different web users (ZM_WEB_USER and ZM_WEB_GROUP), which in my case is not www-data.
As a matter of fact, there's plenty of good reasons to run Apache and Zoneminder as an another user, the more obvious is when you want ZM to access a NFS folder, with some fixed user.
It's not the most common situation for everybody, but the most common when you set up ZM as a professional (you don't use local disks, but some remote fat NAS, which is not the ZM server).
As the files ZM writes must have some specific owner, the ZM daemon and Apache must run on this specific user.
It's easily done within Apache, but it's a not well implemented within ZM, because even if you specify some user within zm.conf, the permissions on the program files and directories are reset to www-data when an update is applied.
Which is a real pain, when you have ZM instances, and they stop working during the night the software is updated.
With my experience, I've created a list of files/directories to set permissions onto, like /var/cache/zoneminder, or /tmp/zm, but i have to manually correct the permissions on all the servers i manage.
The ownership should be based on the configuration file, or at least well documented for beginners, even more because the logs are quite laconic.
FAT Can't connect: Permission denied zmdc.pl
FAT Can't bind: Permission denied
OK, which file are we talking about ... ?
As I said, the latest version (1.27.0) is even worse, because the www-data is hard coded within the /etc/init.d/zoneminder script. It totally breaks the service if ZM_WEB_USER is specified and different from www-data ...
start() {
echo -n "Starting $prog: "
mkdir -p $RUNDIR && chown www-data:www-data $RUNDIR
mkdir -p $TMPDIR && chown www-data:www-data $TMPDIR
$command start
RETVAL=$?
[ $RETVAL = 0 ] && echo success
[ $RETVAL != 0 ] && echo failure
echo
[ $RETVAL = 0 ] && touch /var/lock/zm
return $RETVAL
}
Can you please correct the specified bug, and pay special attention to the ZM_WEB_USER and ZM_WEB_GROUP implementation ?
Thanks =)
MilonZ